From: "Hasse R. Hansen" <none@hasse--ramlev.dk.lh.bsd-dk.dk>
To: <none@bsd-dk--bsd-dk.dk.lh.bsd-dk.dk>
Subject: Fiddling around with some firewall stuff
Date: Wed, 21 Jan 2004 21:06:43 +0100

I have got my FreeBSD server up and running.
All that is missing is getting my firewall activated.
The following has been added and compiled into the kernel:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=200

My rc.conf looks like this:

firewall_enable="YES"
firewall_script="/etc/firewall"
firewall_logging_enable="YES"

My /etc/firewall looks like this:

fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via rl0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
$fwcmd add allow tcp from any to any 80 setup keep-state
$fwcmd add allow tcp from any to any 22 setup keep-state
$fwcmd add allow tcp from any to any 25 setup keep-state
$fwcmd add allow tcp from any to any 110 setup keep-state
# MySQL
/sbin/ipfw add 1002 accept tcp from 127.0.0.1 to any 3306
/sbin/ipfw add 1003 accept udp from 127.0.0.1 to any 3306
/sbin/ipfw add 1002 accept tcp from 69.93.111.26 to any 3306
/sbin/ipfw add 1003 accept udp from 69.93.111.26 to any 3306
/sbin/ipfw add 2000 deny tcp from any to any 3306
/sbin/ipfw add 2001 deny udp from any to any 3306
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add 65435 allow icmp from any to any
$fwcmd add 65435 deny log ip from any to any

But my box is still wide open as hell...
I need to have port (21?), 22, 25, 80, 110 open.
My network card is rl0.
The script above was found somewhere on the net and adapted the way I thought
it should be.
Can anyone help me??? I am completely new to firewalls.

Kind regards / best regards
Hasse R. Hansen - hasse@ramlev.dk
Mobile : +45 26 15 17 49
www.ramlev.dk
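
Added example, not part of the original post: a small Python model of ipfw's first-match rule evaluation, run over the ruleset as posted, to show which rule decides a given packet. The model is a simplification (no NAT, no dynamic keep-state entries; `via`, `recv` and `xmit` are all treated as a plain interface match), and the packet in the demo is constructed.

```python
import re

# The ruleset from the post, with the "$fwcmd add" / "/sbin/ipfw add" prefix dropped.
RULES = """\
divert natd all from any to any via tun0
allow ip from any to any via lo0
allow ip from any to any via rl0
allow tcp from any to any out xmit tun0 setup
allow tcp from any to any via tun0 established
allow tcp from any to any 80 setup keep-state
allow tcp from any to any 22 setup keep-state
allow tcp from any to any 25 setup keep-state
allow tcp from any to any 110 setup keep-state
1002 accept tcp from 127.0.0.1 to any 3306
1003 accept udp from 127.0.0.1 to any 3306
1002 accept tcp from 69.93.111.26 to any 3306
1003 accept udp from 69.93.111.26 to any 3306
2000 deny tcp from any to any 3306
2001 deny udp from any to any 3306
reset log tcp from any to any 113 in recv tun0
65435 allow icmp from any to any
65435 deny log ip from any to any
"""

def load(text, step=100):
    """Number rules as ipfw does: an unnumbered rule gets highest-so-far + step."""
    rules, top = [], 0
    for line in text.splitlines():
        m = re.match(r"(?:(\d+) )?(\w+)(?: natd| log)* (\w+) from (\S+) to any ?(\d+)?(.*)", line)
        num = int(m[1]) if m[1] else top + step
        top = max(top, num)
        iface = re.search(r"(?:via|recv|xmit) (\w+)", m[6])
        rules.append((num, m[2], m[3], m[4], m[5], iface and iface[1], set(m[6].split())))
    return sorted(rules, key=lambda r: r[0])  # stable sort keeps same-number rules in order

def first_match(rules, proto, src, dport, iface, direction, state="setup"):
    """Simplified model (no NAT, no dynamic state): first rule that decides the packet."""
    for num, action, rproto, rsrc, rport, riface, opts in rules:
        if (rproto in ("ip", "all", proto) and rsrc in ("any", src)
                and rport in (None, str(dport)) and riface in (None, iface)
                and not ({"in", "out"} & (opts - {direction}))
                and not ({"setup", "established"} & (opts - {state}))
                and action != "divert"):  # natd reinjects the packet after the divert rule
            return num, action
    return 65535, "default"

if __name__ == "__main__":
    rules = load(RULES)
    # Constructed packet: new TCP connection from 203.0.113.7 to port 3306, arriving on rl0.
    print(first_match(rules, "tcp", "203.0.113.7", 3306, "rl0", "in"))
```

In this model the unnumbered rules become 100 to 900, so the constructed connection to port 3306 on rl0 is decided by rule 300 (`allow ip from any to any via rl0`) and never reaches the per-port allow rules or the deny rules at 2000 and 65435.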