good IPF firewall ruleset
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: good IPF firewall ruleset
- From: Camille Davis <archcape_(_at_)_yahoo_(_dot_)_com>
- Date: Tue, 18 Sep 2001 16:36:02 -0700
After following tutorials and writing a big bloated firewall ruleset, I
finally found one that works really well.
This assumes your ethernet connection to the outside world is fxp0, and that
you're not running a webserver or anything else inside your firewall.
It blocks ALL outside traffic you didn't specifically request via web
browser, email program, etc., except that it lets SSH connections in so you
can administer from home.
# LET SSH IN FAST
# (IPF keywords are lowercase, and "port" is only valid together with proto tcp or udp)
pass in quick proto tcp from any to any port = 22
# ONLY LET IN THINGS THAT WE'VE INITIATED
pass out on fxp0 proto tcp from any to any flags S keep state
pass out on fxp0 proto icmp from any to any keep state
pass out on fxp0 proto udp from any to any keep state
# "BLOCK EVERYTHING ELSE" RULE
block in on fxp0 from any to any
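A tightened variant of the ruleset above, added here as an example and not part of the original post: it restricts SSH to an administrative network, tracks the SSH session statefully instead of relying on IPF's default-pass for replies, and logs what the default-deny rules drop. It assumes fxp0 is the outside interface and uses 192.0.2.0/24 (an RFC 5737 documentation range) as a placeholder for the admin network.

```ipf
# Hardened variant of the posted ruleset (added example, not the original rules).
# Assumptions: fxp0 is the outside interface; 192.0.2.0/24 is a placeholder
# for the network you administer from -- substitute your own.

# Drop TCP fragments too short to carry a full header; nothing legitimate looks like this.
block in log quick on fxp0 proto tcp from any to any with short

# Stop packets arriving from outside with loopback or private source addresses.
block in log quick on fxp0 from 127.0.0.0/8 to any
block in log quick on fxp0 from 10.0.0.0/8 to any
block in log quick on fxp0 from 172.16.0.0/12 to any
block in log quick on fxp0 from 192.168.0.0/16 to any

# SSH in: only from the admin network, only on a new connection (SYN only),
# and stateful, so the replies are tracked rather than passed by default.
pass in quick on fxp0 proto tcp from 192.0.2.0/24 to any port = 22 flags S keep state

# Outbound: only let back in what we initiated, as in the original ruleset.
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
# Only echo requests outbound; replies come back through the state entry.
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state

# Default deny in BOTH directions, logged, so anything not matched above
# shows up in ipmon output instead of passing silently (IPF's default is pass).
block in log on fxp0 all
block out log on fxp0 all
```

Before loading, `ipf -nf /etc/ipf.rules` parses the file without installing it and reports syntax errors such as a capitalised keyword or a port match with no protocol.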