Greetings,

Looking for a little help with ipfwadm. Got a good machine running 2.0, two NICs, and the system is passing traffic wonderfully. Now I would like to put in packet filtering. IPFW sounds as though it will fit the bill. The HOWTO regarding IPFW suggests a script, which I have written and which is below. The problem: when I execute the script, nothing comes in and nothing goes out, the perfect firewall. The bad news is I need some traffic to pass. The network behind the firewall is a subnet of a class B network with 255 addresses. If you have any insight on why I might be running into trouble, or if you have suggestions, I would love to hear from you.
#!/bin/sh
# Setup IP packet Accounting and Forwarding
#
# By Default DENY ALL services first
ipfwadm -F -p deny
#
# Flush all Commands
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
#
# Allow email to NCTAMS01
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 111.229.13.13
# Allow email to NS1 Relay host
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 111.229.13.2
# Allow email to outside mail servers from NCTAMS01
ipfwadm -F -a accept -b -P tcp -S 111.229.13.13 25 -D 0.0.0.0/0 1024:65535
# Allow email to outside mail servers from NS1
ipfwadm -F -a accept -b -P tcp -S 111.229.13.2 25 -D 0.0.0.0/0 1024:65535
# Allow DNS traffic to NS1
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 111.229.13.2
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 53 -D 111.229.13.2
ipfwadm -F -a accept -b -P tcp -S 111.229.232.0/24 82 -D 111.229.13.2
# Allow Web connections to outside Web Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 80 -D 0.0.0.0/0 1024:65535
# Allow FTP connection to outside Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 20 -D 0.0.0.0/0 1024:65535
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 21 -D 0.0.0.0/0 1024:65535
# Allow Telnet connections to outside Servers
ipfwadm -F -a accept -b -P tcp -S 111.229.13.0/24 23 -D 0.0.0.0/0 1024:65535
# Allow NTP time to NS1
ipfwadm -F -a accept -b -P tcp -S 111.229.13.2 123 -D 0.0.0.0/0 1024:65535

Anthony Landreneau
Network Administrator
Infinity Data Systems
New Orleans Louisiana
(504)455-8973
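As an added example (not the poster's script), here is one way to write ipfwadm forwarding rules for the same services with the port numbers on the correct side of each rule: in ipfwadm the ports after -S are source ports and the ports after -D are destination ports, so a connection opened by a LAN client has the ephemeral range as its source and the service as its destination, whereas several of the posted rules put the service port on the -S side. The function names pair_rules, client_rule, server_rule and ruleset and the IPFW_APPLY variable are this example's own; the addresses are the ones from the post.

```shell
#!/bin/sh
# Added example, not the original poster's script: generates ipfwadm forwarding
# rules for a 2.0 kernel.  In ipfwadm the port list after -S is the SOURCE port
# and the list after -D is the DESTINATION port, so a client connection leaves
# with an ephemeral source port (1024:65535) and the service as destination port.
# Replies are accepted by a separate reverse rule; for TCP that rule carries -k
# (ACK set), so outside hosts cannot open new connections through it.
INSIDE="111.229.13.0/24"   # the LAN behind the firewall (address from the post)
MAILHOST="111.229.13.13"   # the inside mail host (address from the post)
ANY="0.0.0.0/0"

# Print the two rules for one service: client -> server, and the reply back.
# usage: pair_rules <tcp|udp> <client-net> <server-net> <service-port>
pair_rules() {
    proto=$1; client=$2; server=$3; port=$4
    echo "ipfwadm -F -a accept -P $proto -S $client 1024:65535 -D $server $port"
    if [ "$proto" = tcp ]; then ack=" -k"; else ack=""; fi   # UDP has no ACK bit
    echo "ipfwadm -F -a accept -P $proto$ack -S $server $port -D $client 1024:65535"
}

# Inside clients reaching a service on any outside host.
client_rule() { pair_rules "$1" "$2" "$ANY" "$3"; }   # <proto> <inside-net> <port>
# Outside clients reaching a service on one inside host.
server_rule() { pair_rules "$1" "$ANY" "$2" "$3"; }   # <proto> <inside-host> <port>

# The complete ruleset, in the order it has to be applied.
ruleset() {
    echo "ipfwadm -F -f"        # flush old forwarding rules
    echo "ipfwadm -F -p deny"   # default policy: drop anything no rule accepts
    client_rule tcp "$INSIDE" 80    # web
    client_rule tcp "$INSIDE" 21    # ftp control (active-mode data needs more)
    client_rule tcp "$INSIDE" 23    # telnet
    client_rule udp "$INSIDE" 53    # dns lookups
    client_rule tcp "$INSIDE" 53    # dns zone transfers / large answers
    client_rule udp "$INSIDE" 123   # ntp (UDP, not TCP)
    client_rule tcp "$MAILHOST" 25  # outgoing mail from the mail host only
    server_rule tcp "$MAILHOST" 25  # incoming mail to the mail host
}

# Print the rules; apply them only when IPFW_APPLY=1 and ipfwadm is installed.
if [ "${IPFW_APPLY:-0}" = 1 ] && command -v ipfwadm >/dev/null 2>&1; then
    ruleset | sh
else
    ruleset
fi
```

The -k reply rule only accepts TCP packets with ACK set, so it cannot be used from outside to start a new connection; a single -b rule accepts both directions without that check.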