ipfw settings setup help

I have tried several different ways to Sunday to configure the ipfw firewall with a simple example to allow localhost, internet, etc. I read the FreeBSD handbook, watched Youtubes, and read posts but my settings still blocked everything. I set up this file:
Code:
$ cat /etc/ipf.rules  
add check-state                                  
add allow udf from any to any 67 setup keep-state
add allow udf from any to any 68 setup keep-state
add allow tcp from any to any 53 setup keep-state
add allow udp from any to any 53 keep-state
add allow tcp from any to any 22 setup keep-state
add allow tcp from any to any 80 setup keep-state
add allow tcp from any to any 443 setup keep-state
add allow tcp from any to any 110 setup keep-state
add allow tcp from any to any 25 setup keep-state
add deny log all from any to any
The ipfw list looks like this: ... I don't know how this affects my above settings
Code:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 deny ip from any to any

My rc.conf was last set as follows ... I had firewall_type="/etc/ipf.rules"
Code:
firewall_enable="YES"
firewall_type="22/tcp 443/tcp 110/tcp 80/tcp https"
clamav_freshclam_enable="YES"
firewall_quiet="YES"
firewall_myservices="any"
firewall_logdeny="YES"
I am new to FreeBSD and have spent days trying to figure this out. I really don't trust a script but am having a hard time understanding which files I need to create or what to do. I am frustrated but don't want to give up. Help please
 
Set firewall_type to client or workstation. That will use a pre-defined ruleset:
That /etc/ipf.rules file is for a different firewall (IPFilter). There are three different firewalls to choose from, PF, IPFW and IPFilter. Don't mix them up.
 
Dear Jim WH,
in /etc/ipfw.rules you missed the leading ipfw command and mistyped udp as udf a few times. I guess these are just typing mistakes. The output of ipfw list shows that almost everything is blocked. Regarding /etc/rc.conf, firewall_type and firewall_myservices are mixed. Below is what I have in my /etc/rc.conf regarding firewall:
Code:
firewall_enable="yes"
firewall_type="workstation"
firewall_logging="yes"
firewall_myservices="ssh/tcp"
firewall_allowservices="192.168.0.0/24"
Please have a look at /etc/rc.firewall for explanations. Before using the configuration by firewall_type I have tried a self-written file, too. I have changed to the method using the pre-configured sets because they are written by people with more knowledge than me ;). But basically it is very good to study how things work. I wish you success in finding your best path to understand and configure firewalls. I am no expert at all...
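
A rules file like the one posted can be checked before it is loaded. The lint below is an added example, not code from any poster or from FreeBSD: it flags the mistyped protocol mentioned in the reply above and also flags `setup` on a non-TCP rule, since ipfw(8) defines `setup` as matching TCP packets with SYN set and ACK clear. The names `lint_ipfw_rules`, `lint_sample` and `KNOWN_PROTOS` and the sample lines are assumptions made for illustration.

```sh
# Added example (not from the thread): lint an ipfw rules file.
# KNOWN_PROTOS is an assumed short allow-list; ipfw itself accepts any
# protocol name or number from /etc/protocols.
KNOWN_PROTOS="ip all tcp udp icmp ipv6-icmp"
# $1 = rules file. Prints "<line>: <problem>"; returns 1 on any finding.
lint_ipfw_rules() {
    awk -v protos="$KNOWN_PROTOS" '
    BEGIN { n = split(protos, p, " "); for (k = 1; k <= n; k++) ok[p[k]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }        # comments, blank lines
    {
        i = 1
        if ($i == "ipfw") i++             # optional leading command
        while ($i ~ /^-/) i++             # and its flags, e.g. -q
        if ($i != "add") next             # only "add" rules are checked
        i++
        if ($i ~ /^[0-9]+$/) i++          # optional rule number
        if ($i == "check-state") next     # action without a protocol
        i++                               # step over the action
        if ($i == "log") i++              # e.g. "deny log all from ..."
        proto = $i
        if (!(proto in ok)) {
            printf "%d: unknown protocol %s\n", NR, proto; bad = 1
            next
        }
        for (j = i + 1; j <= NF; j++)
            if ($j == "setup" && proto != "tcp") {
                printf "%d: setup only matches TCP SYN packets, rule protocol is %s\n", NR, proto
                bad = 1
            }
    }
    END { exit bad + 0 }
    ' "$1"
}
# Constructed sample modelled on the posted rules; line 3 spells the
# protocol correctly so the second check is exercised.
lint_sample() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
add check-state
add allow udf from any to any 67 setup keep-state
add allow udp from any to any 68 setup keep-state
add allow tcp from any to any 22 setup keep-state
add deny log all from any to any
EOF
    lint_ipfw_rules "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Calling `lint_sample` reports lines 2 and 3 of the constructed sample; `lint_ipfw_rules /path/to/file` checks a real rules file the same way.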
 