gaf
January 9th, 2004, 12:20
I am a total newbie trying to learn FreeBSD. I have Greg Lehey's book and several other handbooks for FreeBSD and UNIX. I have installed it several times, mostly successfully, just for practice. I want to use FreeBSD on my desktop only, as a start. One of my problems is to set up a firewall. I read an article (http://www.ofb.biz/modules.php?name=News&file=article&sid=282) which among other things explains how to make a firewall for a dial-up connection. My question is if I can use that one as it is or if I have to make changes.
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Force a flushing of the current rules before we reload.
${fwcmd} -f flush
# Allow all data from my network card and localhost.
${fwcmd} add allow ip from any to any via lo0
# Allow all connections that I initiate.
${fwcmd} add allow tcp from any to any out xmit tun0 setup
${fwcmd} add allow tcp from any to any out xmit ppp0 setup
# Once connections are made, allow them to stay open.
${fwcmd} add allow tcp from any to any via tun0 established
${fwcmd} add allow tcp from any to any via ppp0 established
# This sends a RESET to all ident packets.
${fwcmd} add reset log tcp from any to any 113 in recv tun0
${fwcmd} add reset log tcp from any to any 113 in recv ppp0
# Allow outgoing DNS queries ONLY to the specified servers.
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
# Allow them back in with the answers... :)
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
# Enable ICMP: remove type 8 if you don't want your host to be pingable
${fwcmd} add allow icmp from any to any icmptypes 0,3,11,12,13,14
# Deny all the rest.
${fwcmd} add drop log ip from any to any
I also need to know if FreeBSD 4.9 supports the wireless PCI D-Link DWL520+. :?
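The DNS rules in the ruleset above carry xxx.xx.xxx.xx placeholders that have to be replaced with the DNS servers actually in use. The following is an added example, not part of the original post or the linked article: a shell function that prints those allow rules for every IPv4 nameserver found in a resolv.conf-style file. The names dns_rules and write_sample and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print, without loading, the UDP/53 rules from the ruleset above.
fwcmd="/sbin/ipfw"

# dns_rules FILE IFACE...
# One outbound and one inbound rule per nameserver per interface.
dns_rules() {
    conf="$1"; shift
    # Keep only dotted-quad IPv4 nameservers with octets <= 255, no repeats.
    servers=$(awk '
        $1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($2, o, "."); ok = 1
            for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !seen[$2]++) print $2
        }
    ' "$conf")
    for ifc in "$@"; do
        for ns in $servers; do
            echo "${fwcmd} add allow udp from any to ${ns} 53 out xmit ${ifc}"
            echo "${fwcmd} add allow udp from ${ns} 53 to any in recv ${ifc}"
        done
    done
}

# Constructed sample input (not a real resolver configuration).
write_sample() {
    cat > "$1" <<'EOF'
# constructed example
search example.net
nameserver 192.0.2.53
nameserver 198.51.100.53
nameserver 192.0.2.53
nameserver 999.1.1.1
nameserver fe80::1
EOF
}

# Demo: review the printed rules before placing them ahead of the final deny rule.
sample=$(mktemp)
write_sample "$sample"
dns_rules "$sample" tun0 ppp0
rm -f "$sample"
```

Only the two valid, distinct servers produce rules; the duplicate, the out-of-range address and the non-IPv4 entry are skipped.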