Filtering established connection in ipfw
From: Tomi Kaistila (tomi.kaistila_at_datamike.org)
Date: 03/19/04
- Previous message: Chuck Swiger: "Re: Small question about bridging and arp"
- Next in thread: Mike Silbersack: "Re: Filtering established connection in ipfw"
- Reply: Mike Silbersack: "Re: Filtering established connection in ipfw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <freebsd-net@freebsd.org> Date: Fri, 19 Mar 2004 01:50:10 +0200
Hello
I've just sometime ago got a second computer, I installed FreebSD 5.2 on it,
full installation and I'm on my way of making a server out of it. Basically
from the beginning, I've been struggling with ipfw, to make up a good
ruleset.
I've enabled IPFIREWALL in the kernel. My philosophy is, if it's not in the
rules deny it. I have a very strict ruleset at the moment, only allowing
connections to certain services and all from designated ports. All other
connections are denied. My problem is that this also hinders my use of
Internet from this machine. Although I have a rule that allows all
connection from the server to outside, many connections spawn a reply. i.e.
if I ping an address, I must also enable icmp from the outside world to my
machine to receive the reply.
My question is, can I make a rule that allows such replies to pass the
packet filter, but to drop if it is not such a reply or similar signal? I
tried using the setup and established flags but either I did something wrong
or it just didn't work out that way.
-- Tomi _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Chuck Swiger: "Re: Small question about bridging and arp"
- Next in thread: Mike Silbersack: "Re: Filtering established connection in ipfw"
- Reply: Mike Silbersack: "Re: Filtering established connection in ipfw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
