Hi all,
I have built an ipfw firewall with natd. When I set the firewall type to open and add no fw rules, I can access my web server. When I add my rules, the browser times out. I added 'log' to all deny rules, but there is no log entry. Here's my fw config:
Code:
00005 allow ip from any to any via em1 #em1 = LAN Interface
00010 allow ip from any to any via lo0
00014 divert 8668 ip from any to any in via em0 # em0 Public WAN Interface
00020 check-state
00310 skipto 901 tcp from any to 8.8.8.8 dst-port 53 out via em0 setup keep-state
00310 skipto 901 udp from any to 8.8.8.8 dst-port 53 out via em0 keep-state
00330 skipto 901 tcp from any to any dst-port 25 out via em0 setup keep-state
00340 skipto 901 tcp from any to any dst-port 80 out via em0 setup keep-state
00340 skipto 901 tcp from any to any dst-port 21 out via em0 setup keep-state
00341 skipto 901 tcp from any to any dst-port 443 out via em0 setup keep-state
00350 allow tcp from me to any out via em0 setup uid root keep-state
00360 skipto 901 icmp from any to any out via em0 keep-state
00399 deny log ip from any to any out via em0
00410 deny icmp from any to any in via em0
00415 deny tcp from any to any dst-port 113 in via em0
00420 deny tcp from any to any dst-port 137 in via em0
00421 deny tcp from any to any dst-port 138 in via em0
00422 deny tcp from any to any dst-port 139 in via em0
00423 deny tcp from any to any dst-port 81 in via em0
00430 deny ip from any to any frag in via em0
00432 deny tcp from any to any established in via em0
00440 allow tcp from any to me dst-port 22 in via em0 setup limit src-addr 2
00451 allow tcp from any to any dst-port 80 in via em0 setup limit src-addr 10
00460 allow tcp from any to any dst-port 443 in via em0 setup limit src-addr 10
00499 deny log ip from any to any in via em0
00901 divert 8668 ip from any to any out via em0
00902 allow ip from any to any
00999 deny log ip from any to any
65535 deny ip from any to any
Every time I add the firewall script with
Code:
/etc/ipfw.rules &
it cuts the ssh session. I also see many entries in the log like:
Code:
Feb 26 18:32:35 fortknox kernel: ipfw: 399 Deny TCP xxx.xxx.xxx.xxx:22 yyy.yyy.yyy.yyy:58753 out via em0
where xxx.xxx.xxx.xxx is my current IP and yyy.yyy.yyy.yyy is the server's IP
Thanks for your help.
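The following is an added example, not code from the post or from FreeBSD: a small, simplified simulator of the ipfw(8) rule walk, loaded with the ruleset above, that reports which rule decides a given packet and why. It models only the tokens the ruleset uses; natd is not run (a divert rule hands the packet back unchanged), uid is assumed to match, limit counters are not enforced, and the addresses (203.0.113.10 for the firewall, 198.51.100.7 for the client) are constructed documentation addresses. demo() replays the flow behind the posted log line: the inbound SSH setup packet, then the firewall's reply, once with the dynamic state that rule 440 records and once without it.

```python
# Added example (not from the post): simplified ipfw(8) rule walk for the ruleset above. natd is not
# run ('divert' hands the packet back unchanged), 'uid' is assumed to match, 'limit' counts are not kept.
from collections import namedtuple

ME = {"203.0.113.10"}  # constructed: the firewall's own WAN address, what 'me' matches
RULESET = """\
00005 allow ip from any to any via em1
00010 allow ip from any to any via lo0
00014 divert 8668 ip from any to any in via em0
00020 check-state
00310 skipto 901 tcp from any to 8.8.8.8 dst-port 53 out via em0 setup keep-state
00310 skipto 901 udp from any to 8.8.8.8 dst-port 53 out via em0 keep-state
00330 skipto 901 tcp from any to any dst-port 25 out via em0 setup keep-state
00340 skipto 901 tcp from any to any dst-port 80 out via em0 setup keep-state
00340 skipto 901 tcp from any to any dst-port 21 out via em0 setup keep-state
00341 skipto 901 tcp from any to any dst-port 443 out via em0 setup keep-state
00350 allow tcp from me to any out via em0 setup uid root keep-state
00360 skipto 901 icmp from any to any out via em0 keep-state
00399 deny log ip from any to any out via em0
00410 deny icmp from any to any in via em0
00415 deny tcp from any to any dst-port 113 in via em0
00420 deny tcp from any to any dst-port 137 in via em0
00421 deny tcp from any to any dst-port 138 in via em0
00422 deny tcp from any to any dst-port 139 in via em0
00423 deny tcp from any to any dst-port 81 in via em0
00430 deny ip from any to any frag in via em0
00432 deny tcp from any to any established in via em0
00440 allow tcp from any to me dst-port 22 in via em0 setup limit src-addr 2
00451 allow tcp from any to any dst-port 80 in via em0 setup limit src-addr 10
00460 allow tcp from any to any dst-port 443 in via em0 setup limit src-addr 10
00499 deny log ip from any to any in via em0
00901 divert 8668 ip from any to any out via em0
00902 allow ip from any to any
00999 deny log ip from any to any
"""
# setup: TCP SYN without ACK; any other TCP packet is treated as 'established' (ACK set)
Packet = namedtuple("Packet", "proto src sport dst dport direction iface setup frag",
                    defaults=(False, False))

def parse(text):
    """Turn 'ipfw list'-style lines into rule dicts, keeping file order."""
    rules = []
    for tok in filter(None, (line.split("#")[0].split() for line in text.splitlines())):
        num, action, rest = int(tok[0]), tok[1], tok[2:]
        arg = int(rest.pop(0)) if action in ("divert", "skipto") else None
        if rest[:1] == ["log"]:
            rest.pop(0)
        rules.append({"num": num, "action": action, "arg": arg, "body": rest,
                      "state": "keep-state" in rest or "limit" in rest})
    return rules

def addr_ok(spec, addr):
    return spec == "any" or (spec == "me" and addr in ME) or spec == addr

def matches(r, p):
    """Static match of rule r against packet p; check-state rules never match statically."""
    b = r["body"]
    if r["action"] == "check-state" or b[0] not in ("ip", p.proto):
        return False
    if not (addr_ok(b[2], p.src) and addr_ok(b[4], p.dst)):
        return False
    opts, i = b[5:], 0
    while i < len(opts):
        o = opts[i]
        if ((o == "dst-port" and p.dport != int(opts[i + 1])) or (o == "via" and p.iface != opts[i + 1])
                or (o in ("in", "out") and p.direction != o) or (o == "setup" and not p.setup)
                or (o == "established" and p.setup) or (o == "frag" and not p.frag)):
            return False
        i += {"dst-port": 2, "via": 2, "uid": 2, "limit": 3}.get(o, 1)  # skip the option's arguments
    return True

def flow_key(p):  # direction-independent key for the dynamic (stateful) rule table
    return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

def trace(rules, p, states=None):
    """Walk the ruleset for p. Returns (rule that matched, rule whose action decided, action).
    states maps flow keys to the rule that created them; a check-state or keep-state/limit rule
    runs that creating rule's action when the packet belongs to a known flow."""
    states = {} if states is None else states
    i = 0
    while i < len(rules):
        r = rules[i]
        act = states.get(flow_key(p)) if r["action"] == "check-state" or r["state"] else None
        if act is None and matches(r, p):
            act = r
            if r["state"]:
                states[flow_key(p)] = r  # first packet of the flow records dynamic state
        if act is None:
            i += 1
        elif act["action"] in ("allow", "deny"):
            return r["num"], act["num"], act["action"]
        elif act["action"] == "skipto":
            i = next(j for j, x in enumerate(rules) if x["num"] >= act["arg"])
        else:  # divert: natd is not simulated, carry on with the next rule
            i += 1
    return 65535, 65535, "deny"  # implicit default rule

def demo():
    """Replay the flow behind the log line in the post: inbound SSH setup, then its reply."""
    rules, states = parse(RULESET), {}
    client, fw = "198.51.100.7", "203.0.113.10"  # constructed RFC 5737 documentation addresses
    syn = Packet("tcp", client, 58753, fw, 22, "in", "em0", setup=True)
    reply = Packet("tcp", fw, 22, client, 58753, "out", "em0")
    return (trace(rules, syn, states),    # (440, 440, 'allow'): 440 allows and records the flow
            trace(rules, reply, states),  # (20, 440, 'allow'): check-state applies 440's action
            trace(rules, reply, {}))      # (399, 399, 'deny'): no state, as in the posted log line
```

Two things the walk makes visible. First, the outbound reply from port 22 is only accepted while a dynamic entry for that flow exists; with an empty state table it matches nothing before 399 and is denied there, which is the shape of the posted log line. Dynamic entries belong to the static rule that created them, so any script that flushes the ruleset (ipfw -f flush) discards them as well, and existing connections then have to be re-established. Second, a reply to a connection accepted by 440 or 451 is decided at rule 20 by the creating rule's own action (allow), so it never reaches the divert at 901; whether that matters for natd depends on which addresses were in the packet when the state was recorded, which this simulator does not model.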