[ale] ipfwadmin rules?

Nomad the Wanderer nomad at orci.com
Fri Jun 5 18:23:49 EDT 1998


Looks good.  If I changed -D to the IP of my ftp server, and I had
a netmask of 255.255.255.240, what would be the value of X in
-D a.b.c.d/X?

Robert

Thus spake Jeremy T. Bouse (undrgrid at undergrid.net):

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 5 Jun 1998, Nomad the Wanderer wrote:
> 
> > Date: Fri, 5 Jun 1998 15:47:58 -0600
> > From: Nomad the Wanderer <nomad at orci.com>
> > To: Atlanta Linux Enthusiasts <ale at cc.gatech.edu>
> > Subject: [ale] ipfwadmin rules?
> > 
> > Ok
> >   If I wanted to block all incoming connections, except ssh and ftp what
> > rules would I use?  I read the manpage but for some reason, it's just not
> > sinking in...
> > 
> 	Try these rules for ipfwadm right from my /etc/init.d/netbase on
> my home computer:
> 
> echo "Flush tables..."
> ipfwadm -I -f
> ipfwadm -O -f
> 
> echo -n "Setting incoming filters: "
> ipfwadm -I -p deny
> # ICMP
> echo -n "ICMP "
> ipfwadm -I -a deny -b -o -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0
> 
> # FTP
> echo -n "ftp "
> ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 20
> ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 21
> 
> # SSH
> echo -n "ssh "
> ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 22
> 
> 	That should work for you... will only allow FTP and SSH
> connections to ports 20-22 while all Outgoing traffic would be able to go
> out without a problem... You could expand this to any other service by
> duplicating the lines and changing the port number.
> 	Sincerely,
> 	Jeremy T. Bouse
> 	System Administrator
> 
>    Jeremy T. Bouse - SouthNet TeleComm Services, Inc - www.STSI.net
>   PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198  19D0593E50E597E9
>  Public PGP key available by sending email with 'send pgpkey' in subject
>      undrgrid at UnderGrid.net - NIC Whois: JB5713 - undrgrid at STSI.net
>          /earth is 98% full ... please delete anyone you can.
> 
> 
> 
> 

---------------------------------------------------------------------------
Robert L. Harris            |   Educate the Masses,
Senior System Administrator |      Don't just help them to
  at Great West Life.        \_       Remain ignorant.       

http://www.orci.com/~nomad

DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
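
An added example, not part of the original messages: the netmask-to-prefix conversion asked about above, in POSIX shell, together with the address range that a destination written as a.b.c.d/X matches. The function names and the 192.0.2.37 server address are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample address are constructed.

# Print the prefix length (the X in a.b.c.d/X) for a dotted netmask.
# Returns 1 for a malformed or non-contiguous mask.
mask_to_prefix() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; partial=0
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;   # octet is not a run of leading one bits
        esac
        # After the first octet with fewer than 8 bits set, only 0 may follow.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Render a 32-bit integer as a dotted quad.
to_dotted() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network/prefix first-last count": every address that a
# destination written as addr/prefix matches.
covered_range() {
    prefix=$2
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    last=$(( $net | ($mask ^ 0xFFFFFFFF) ))
    echo "$(to_dotted "$net")/$prefix $(to_dotted "$net")-$(to_dotted "$last") $(( $last - $net + 1 ))"
}

# Constructed input: the mask from the question and a documentation-range address.
x=$(mask_to_prefix 255.255.255.240) && covered_range 192.0.2.37 "$x"
```

With the interface netmask as the prefix, the destination covers the whole 16-address subnet; a prefix of 32 matches only the single server address.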





