|
Lines 79-85
|
| 79 |
recompile their kernels with <emphasis>IPFW2</emphasis> |
79 |
recompile their kernels with <emphasis>IPFW2</emphasis> |
| 80 |
support. &os; 4.X users should consult the &man.ipfw.8; |
80 |
support. &os; 4.X users should consult the &man.ipfw.8; |
| 81 |
manual page for more information on using IPFW2 on their |
81 |
manual page for more information on using IPFW2 on their |
| 82 |
systems.</para></note> |
82 |
systems, and should pay particular attention to the |
|
|
83 |
<emphasis>USING IPFW2 IN FreeBSD-STABLE</emphasis> |
| 84 |
section.</para></note> |
| 83 |
</listitem> |
85 |
</listitem> |
| 84 |
</varlistentry> |
86 |
</varlistentry> |
| 85 |
|
87 |
|
|
Lines 183-196
|
| 183 |
# defaults to tun0. |
185 |
# defaults to tun0. |
| 184 |
oif="tun0" |
186 |
oif="tun0" |
| 185 |
|
187 |
|
|
|
188 |
# Define our inside interface. This is usually your network |
| 189 |
# card. Be sure to change this to match your own network |
| 190 |
# interface. |
| 191 |
iif="fxp0" |
| 192 |
|
| 186 |
# Force a flushing of the current rules before we reload. |
193 |
# Force a flushing of the current rules before we reload. |
| 187 |
$fwcmd -f flush |
194 |
$fwcmd -f flush |
| 188 |
|
195 |
|
| 189 |
# Allow all connections that we initiate, and keep their state, |
196 |
# Check the state of all packets. |
| 190 |
# but deny established connections that don't have a dynamic rule. |
|
|
| 191 |
$fwcmd add check-state |
197 |
$fwcmd add check-state |
|
|
198 |
|
| 199 |
# Stop spoofing on the outside interface. |
| 200 |
$fwcmd add deny ip from any to any in via $oif not verrevpath |
| 201 |
|
| 202 |
# Allow all connections that we initiate, and keep their state. |
| 203 |
# but deny established connections that don't have a dynamic rule. |
| 192 |
$fwcmd add allow ip from me to any out via $oif keep-state |
204 |
$fwcmd add allow ip from me to any out via $oif keep-state |
| 193 |
$fwcmd add deny tcp from any to any established in via $oif |
205 |
$fwcmd add deny tcp from any to any established in via $oif |
|
|
206 |
|
| 207 |
# Allow all connections within our network. |
| 208 |
$fwcmd add allow ip from any to any via $iif |
| 209 |
|
| 210 |
# Allow all local traffic. |
| 211 |
$fwcmd add allow all from any to any via lo0 |
| 212 |
$fwcmd add deny all from any to 127.0.0.0/8 |
| 213 |
$fwcmd add deny ip from 127.0.0.0/8 to any |
| 194 |
|
214 |
|
| 195 |
# Allow internet users to connect to the port 22 and 80. |
215 |
# Allow internet users to connect to the port 22 and 80. |
| 196 |
# This example specifically allows connections to the sshd and a |
216 |
# This example specifically allows connections to the sshd and a |