devil
devil
Hallo,
habe nach langem "read, try and error" eigene Firewallregeln definiert.
Aber ich glaube, dass ich zuviel offen habe...ist ein Einzelplatzrechner, kein NAT oder Routing.
Kann mal bitte jemand ein Review der Regeln machen oder mir sagen, wo ich ein gutes und *geprüftes* Script für IPFW2 finden kann? Danke!
devil
__________________________________
#!/bin/sh
dns="192.168.5.44,213.191.74.18,213.191.92.87"
incomingports="22,80,443"
#ntp1.fau.de,ntp2.fau.de,ntp-cup.external.hp.com,lerc-dns.lerc.nasa.gov"
ntp="131.188.3.221,131.188.3.222,192.6.38.127,128.156.1.43"
ipfw -q -f flush
ipfw add allow ip from any to any via lo0
ipfw add deny all from any to 127.0.0.0/8
ipfw add deny all from 127.0.0.0/8 to any
ipfw add allow tcp from any to any established
ipfw add allow tcp from any to any out via fxp0 setup keep-state
ipfw add allow udp from any to any out via fxp0
ipfw add allow ip from 192.168.5.0/24 to me via fxp0
ipfw add allow tcp from ${dns} 53 to me in via fxp0 setup keep-state
ipfw add allow udp from ${dns} 53 to me in via fxp0 keep-state
ipfw add allow udp from $ntp 123 to me in via fxp0
ipfw add allow udp from me 123 to $ntp out via fxp0
ipfw add allow icmp from any to any icmptype 3,4
ipfw add allow icmp from any to any out icmptype 8
ipfw add allow icmp from any to any in icmptype 0
ipfw add allow tcp from any to me ${incomingports} in via fxp0 setup keep-state
ipfw add 65534 log logamount 10 deny ip from any to any
________________________________________________-
habe nach langem "read, try and error" eigene Firewallregeln definiert.
Aber ich glaube, dass ich zuviel offen habe...ist ein Einzelplatzrechner, kein NAT oder Routing.
Kann mal bitte jemand ein Review der Regeln machen oder mir sagen, wo ich ein gutes und *geprüftes* Script für IPFW2 finden kann? Danke!
devil
__________________________________
#!/bin/sh
dns="192.168.5.44,213.191.74.18,213.191.92.87"
incomingports="22,80,443"
#ntp1.fau.de,ntp2.fau.de,ntp-cup.external.hp.com,lerc-dns.lerc.nasa.gov"
ntp="131.188.3.221,131.188.3.222,192.6.38.127,128.156.1.43"
ipfw -q -f flush
ipfw add allow ip from any to any via lo0
ipfw add deny all from any to 127.0.0.0/8
ipfw add deny all from 127.0.0.0/8 to any
ipfw add allow tcp from any to any established
ipfw add allow tcp from any to any out via fxp0 setup keep-state
ipfw add allow udp from any to any out via fxp0
ipfw add allow ip from 192.168.5.0/24 to me via fxp0
ipfw add allow tcp from ${dns} 53 to me in via fxp0 setup keep-state
ipfw add allow udp from ${dns} 53 to me in via fxp0 keep-state
ipfw add allow udp from $ntp 123 to me in via fxp0
ipfw add allow udp from me 123 to $ntp out via fxp0
ipfw add allow icmp from any to any icmptype 3,4
ipfw add allow icmp from any to any out icmptype 8
ipfw add allow icmp from any to any in icmptype 0
ipfw add allow tcp from any to me ${incomingports} in via fxp0 setup keep-state
ipfw add 65534 log logamount 10 deny ip from any to any
________________________________________________-
Zuletzt bearbeitet von einem Moderator: