Hello,
Recently I installed IPFW on the server. Everything seems to be fine except for incoming emails.
When I enable the firewall, it blocks incoming mail from external servers.
I am using FreeBSD 11.
Here are my firewall rules:
Code:
##############################
# IPFW RULES Server
##############################
cmd="ipfw -q add"
ipfw -q -f flush
##############################
#Allow loopback and deny loopback spoofing
##############################
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag
##############################
# Stateful Rules
##############################
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any
##############################
# Incoming/outgoing services
##############################
$cmd 61 allow udp from any to any 53 in setup keep-state
$cmd 62 allow tcp from any to any 53 in setup keep-state
$cmd 65 allow tcp from any to any 80 in setup keep-state
$cmd 72 allow tcp from any to any 443 in setup keep-state
$cmd 100 allow tcp from any to any 35000-35999 out setup keep-state
$cmd 110 allow tcp from any to any 465 in setup keep-state
$cmd 120 allow tcp from any to any 465 out setup keep-state
$cmd 130 allow tcp from any to any 993 in setup keep-state
$cmd 140 allow tcp from any to any 995 in setup keep-state
#################################################
# Deny Port scanning (Nmap)
#################################################
$cmd 04600 deny log logamount 50 ip from any to any ipoptions rr
$cmd 04610 deny log logamount 50 ip from any to any ipoptions ts
$cmd 04620 deny log logamount 50 ip from any to any ipoptions lsrr
$cmd 04630 deny log logamount 50 ip from any to any ipoptions ssrr
$cmd 04640 deny log logamount 50 tcp from any to any tcpflags syn,fin
##############################
# Deny and log
##############################
$cmd 999 deny log all from any to any
$cmd 04650 deny log logamount 50 tcp from any to any tcpflags syn,rst
I would appreciate your help.
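
Added example, not part of the original post: a small audit that walks an excerpt of the ruleset above in rule-number order, as ipfw does, and reports the first rule a new inbound TCP connection to a given port would hit. It assumes server-to-server SMTP delivery arrives on TCP port 25 and uses a simplified matching model (protocol, destination port, direction and a few options only); rule number 105 in `FIXED` is a hypothetical free slot, not a rule from the post.

```sh
# RULES is a constructed excerpt of the ruleset in the post
# (single-quoted so $cmd stays literal).
RULES='
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 65 allow tcp from any to any 80 in setup keep-state
$cmd 72 allow tcp from any to any 443 in setup keep-state
$cmd 100 allow tcp from any to any 35000-35999 out setup keep-state
$cmd 110 allow tcp from any to any 465 in setup keep-state
$cmd 130 allow tcp from any to any 993 in setup keep-state
$cmd 999 deny log all from any to any
'
# Hypothetical addition: rule number 105 is an arbitrary free slot below 999.
FIXED="$RULES"'$cmd 105 allow tcp from any to any 25 in setup keep-state'

# first_match PORT [RULES]: print "<action> <rule number>" for the first rule,
# in rule-number order, that matches a new inbound TCP connection to PORT.
first_match() {
    printf '%s\n' "${2:-$RULES}" | sort -n -k2,2 | awk -v p="$1" '
    function port_in(spec, port,   n, i, parts, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) {
                if (port >= r[1] + 0 && port <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port) return 1
        }
        return 0
    }
    $3 != "allow" && $3 != "deny" { next }      # skips check-state, blanks
    {
        from = 0; to = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "from" && !from) from = i
            if ($i == "to" && !to) to = i
        }
        if (!from || !to) next
        proto = $(from - 1)
        if (proto != "tcp" && proto != "all" && proto != "ip") next
        opt = to + 2
        if ($opt ~ /^[0-9][0-9,-]*$/) { if (!port_in($opt, p + 0)) next; opt++ }
        # "out" is the wrong direction; the others never match a plain SYN
        for (i = opt; i <= NF; i++)
            if ($i ~ /^(out|established|frag|tcpflags|ipoptions)$/) next
        print $3, $2; exit
    }'
}

for port in 25 465 993; do echo "$port: $(first_match "$port")"; done
echo "25 with rule 105: $(first_match 25 "$FIXED")"
```

On a live host, `ipfw -a list` shows per-rule packet counters, which confirms which rule inbound connections are actually hitting.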