
good IPF firewall ruleset



After following tutorials and writing a big bloated firewall ruleset, I finally found one that works really well:

This assumes your Ethernet connection to the outside world is fxp0, and that you're not running a webserver or anything inside your firewall.

This blocks ALL outside traffic you didn't specifically request via web browser, email program, etc., except that it lets SSH connections in so you can administer from home.



# LET SSH IN FAST
pass in quick from any to any port = 22

# ONLY LET IN THINGS THAT WE'VE INITIATED
pass out on fxp0 proto tcp from any to any flags S keep state
pass out on fxp0 proto icmp from any to any keep state
pass out on fxp0 proto udp from any to any keep state

# "BLOCK EVERYTHING ELSE" RULE
block in on fxp0 from any to any
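
Added example, not part of the original post: a small Python model of how IPF evaluates the ruleset above (last matching rule wins unless a rule is "quick", and "keep state" admits replies), useful for checking what a rule change would do before loading it. It parses only the rule forms used here, assumes a default of pass when no rule matches, and the helper names and packet fields are hypothetical.

```python
import re

# The ruleset from the post, one rule per line.
RULES = """\
pass in quick from any to any port = 22
pass out on fxp0 proto tcp from any to any flags S keep state
pass out on fxp0 proto icmp from any to any keep state
pass out on fxp0 proto udp from any to any keep state
block in on fxp0 from any to any
"""

# Covers only the rule forms used above, not the full ipf grammar.
RULE_RE = re.compile(
    r"(?P<action>pass|block) (?P<dir>in|out)(?P<quick> quick)?"
    r"(?: on (?P<ifc>\S+))?(?: proto (?P<proto>\S+))? from any to any"
    r"(?: port = (?P<port>\d+))?(?P<syn> flags S)?(?P<state> keep state)?$")

def parse(text):
    return [RULE_RE.match(line.strip()).groupdict()
            for line in text.splitlines() if line.strip()]

def matches(r, p):
    if r["dir"] != p["dir"] or r["ifc"] not in (None, p["ifc"]):
        return False
    if r["proto"] not in (None, p["proto"]):
        return False
    if r["port"] and (p["proto"] not in ("tcp", "udp")
                      or p.get("dport") != int(r["port"])):
        return False
    return not r["syn"] or p.get("flags") == "S"

def evaluate(rules, p, states):
    fwd = (p["proto"], p["src"], p.get("sport"), p["dst"], p.get("dport"))
    rev = (p["proto"], p["dst"], p.get("dport"), p["src"], p.get("sport"))
    if fwd in states or rev in states:   # state table is checked before rules
        return "pass"
    verdict, hit = "pass", None          # assumed default when nothing matches
    for r in rules:
        if matches(r, p):
            verdict, hit = r["action"], r  # last matching rule wins ...
            if r["quick"]:
                break                      # ... unless the rule is "quick"
    if hit and hit["state"] and verdict == "pass":
        states.add(fwd)
    return verdict

def pkt(direction, proto, src, sport, dst, dport, flags=None, ifc="fxp0"):
    return dict(dir=direction, ifc=ifc, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, flags=flags)
```

Running the same inbound SSH packet against a copy of the ruleset with "quick" removed returns "block", because the final block rule is then the last match.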


