Re: laptop firewall rules

From: Giorgos Keramidas (keramida_at_ceid.upatras.gr)
Date: 10/31/05

    Date: Mon, 31 Oct 2005 16:44:03 +0200
    To: andy@neu.net
    
    

    On 2005-10-30 17:41, andy@neu.net wrote:
    > Does anyone have a good example of a firewall ruleset for a wireless
    > interface in a laptop, or a pointer to documentation? I want to use
    > IPFilter on 6.0 rc1.

    I'd strongly recommend pf(4) over IP Filter. The PF firewall
    seems to have all the features IP Filter has and it's also better
    maintained, AFAIK.

    > I want to let all connections out and keep state, but block all
    > incoming from the outside.

    Good idea. I'm using a fairly restrictive set of firewall
    rules, even in networks where my laptop has to use DHCP:

    % # Firewall rules for the pf(4) firewall.
    % # Giorgos Keramidas <keramida@freebsd.org>
    % #
    % # Based on:
    % # $FreeBSD: src/etc/pf.conf,v 1.2 2004/09/14 01:07:18 mlaier Exp $
    % # $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
    %
    % set block-policy return
    % set require-order yes
    % set skip on lo0
    %
    % scrub in all
    %
    % ### Packet filtering:
    %
    % block in log all
    % block out log all
    %
    % # Allow all ICMP packets.
    % # They are mostly useful and rate-limited by the kernel anyway.
    % pass in proto icmp all
    % pass out proto icmp all
    %
    % # Allow all outgoing connections.
    % pass out proto { tcp, udp } all keep state (no-sync)
    %
    % # Allow some incoming connections.
    % pass in proto tcp from any to any port = 22 keep state (no-sync)

    Note that, skipping the PF options near the beginning and the
    "(no-sync)" options that are PF-specific, you can almost
    certainly use the same ruleset for IP Filter.

    - Giorgos

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
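
Added example, not part of the original message: a simplified Python model of how pf evaluates the ruleset quoted above, showing why the `pass` rules listed after `block in log all` still take effect (without `quick`, the last matching rule wins) and why replies to outgoing connections get back in through `keep state`. The packet tuples, the addresses (documentation ranges) and the single bidirectional state key are assumptions of this sketch, not pf internals.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")

# (action, direction, protocols or None for any, dest port or None, keep_state)
RULES = [
    ("block", "in",  None,           None, False),  # block in log all
    ("block", "out", None,           None, False),  # block out log all
    ("pass",  "in",  {"icmp"},       None, False),  # pass in proto icmp all
    ("pass",  "out", {"icmp"},       None, False),  # pass out proto icmp all
    ("pass",  "out", {"tcp", "udp"}, None, True),   # pass out ... keep state
    ("pass",  "in",  {"tcp"},        22,   True),   # pass in ... port = 22
]

class Firewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.states = set()

    def filter(self, p):
        # Simplification: one state entry covers both directions of a flow.
        key = (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))
        if key in self.states:          # state lookup happens before the rules
            return "pass"
        verdict, keep = "pass", False   # pf passes a packet that matches no rule
        for action, direction, protos, dport, keep_state in self.rules:
            if direction != p.direction:
                continue
            if protos is not None and p.proto not in protos:
                continue
            if dport is not None and p.dport != dport:
                continue
            verdict, keep = action, keep_state   # no "quick": last match wins
        if verdict == "pass" and keep:
            self.states.add(key)
        return verdict

# Constructed sample traffic (documentation address ranges).
LAPTOP, SERVER, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.9"

def demo(rules=RULES):
    fw = Firewall(rules)
    packets = [
        Packet("out", "tcp", LAPTOP, 50000, SERVER, 443),    # outgoing connection
        Packet("in", "tcp", SERVER, 443, LAPTOP, 50000),     # its reply
        Packet("in", "tcp", SERVER, 443, LAPTOP, 50001),     # no matching state
        Packet("in", "tcp", STRANGER, 40000, LAPTOP, 22),    # incoming ssh
        Packet("in", "udp", STRANGER, 5353, LAPTOP, 5353),   # unsolicited udp
        Packet("in", "icmp", STRANGER, None, LAPTOP, None),  # icmp
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Calling `demo(RULES[:-1])` models the stricter variant asked for in the question, where no incoming connection is accepted at all.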

