[ale] ipfwadmin rules?

Michael H. Warfield mhw at wittsend.com
Mon Jun 8 09:09:08 EDT 1998


Nomad the Wanderer enscribed thusly:

> One more problem.  I have 2 interfaces, eth0 and ppp0.  How do I limit the rules
> to just the ppp0 interface.  When I applied the rules below it killed the machines
> on the backend also.

	-W ppp0

> Robert
> 
> Thus spake Jeremy T. Bouse (undrgrid at undergrid.net):
> 
> > On Fri, 5 Jun 1998, Nomad the Wanderer wrote:
> > 
> > > Date: Fri, 5 Jun 1998 15:47:58 -0600
> > > From: Nomad the Wanderer <nomad at orci.com>
> > > To: Atlanta Linux Enthusiasts <ale at cc.gatech.edu>
> > > Subject: [ale] ipfwadmin rules?
> > > 
> > > Ok
> > >   If I wanted to block all incoming connections, except ssh and ftp what
> > > rules would I use?  I read the manpage but for some reason, it's just not
> > > sinking in...
> > > 
> > 	Try these rules for ipfwadm right from my /etc/init.d/netbase on
> > my home computer:
> > 
> > echo "Flush tables..."
> > ipfwadm -I -f
> > ipfwadm -O -f
> > 
> > echo -n "Setting incoming filters: "
> > ipfwadm -I -p deny
> > # ICMP
> > echo -n "ICMP "
> > ipfwadm -I -a deny -b -o -P icmp -S 0.0.0.0/0 -D 0.0.0.0/0
> > 
> > # FTP
> > echo -n "ftp "
> > ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 20
> > ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 21
> > 
> > # SSH
> > echo -n "ssh "
> > ipfwadm -I -a accept -b -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 22
> > 
> > 	That should work for you... will only allow FTP and SSH
> > connections to ports 20-22 while all Outgoing traffic would be able to go
> > out without a problem... You could expand this to any other service by
> > duplicating the lines and changing the port number.
> > 	Sincerely,
> > 	Jeremy T. Bouse
> > 	System Administrator
> > 
> >    Jeremy T. Bouse - SouthNet TeleComm Services, Inc - www.STSI.net
> >   PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198  19D0593E50E597E9
> >  Public PGP key available by sending email with 'send pgpkey' in subject
> >      undrgrid at UnderGrid.net - NIC Whois: JB5713 - undrgrid at STSI.net
> >          /earth is 98% full ... please delete anyone you can.
> > 
> > 
> > 
> > 
> 
> ---------------------------------------------------------------------------
> Robert L. Harris            |   Educate the Masses,
> Senior System Administrator |      Don't just help them to
>   at Great West Life.        \_       Remain ignorant.       
> 
> http://www.orci.com/~nomad
> 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
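
An added example, not part of the original thread: the quoted input rules with `-W ppp0` applied to each one. It assumes the chain-wide `-p deny` is swapped for `-p accept` plus a catch-all deny on ppp0, because `-p` cannot be limited to one interface and would keep blocking eth0. The `IPFWADM` dry-run variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): the posted input rules scoped to ppp0.
# Dry run by default: commands are printed, not executed.
# Set IPFWADM=ipfwadm in the environment to apply them on an ipfwadm host.
IPFWADM="${IPFWADM:-echo ipfwadm}"
ANY="0.0.0.0/0"

# Emit (or run) the input-chain rules for one external interface.
scoped_input_rules() {
    ext_if="$1"

    $IPFWADM -I -f
    # Assumption: -p is chain-wide and takes no interface, so the policy
    # stays at accept and eth0 traffic keeps flowing.
    $IPFWADM -I -p accept

    # FTP (20, 21) and SSH (22), as in the posted rules, matched on ext_if only.
    for port in 20 21 22; do
        $IPFWADM -I -a accept -b -P tcp -W "$ext_if" -S "$ANY" -D "$ANY" "$port"
    done

    # ICMP deny with kernel logging (-o), as in the posted rules.
    $IPFWADM -I -a deny -b -o -P icmp -W "$ext_if" -S "$ANY" -D "$ANY"

    # Catch-all deny standing in for "-p deny", on this interface only.
    $IPFWADM -I -a deny -P all -W "$ext_if" -S "$ANY" -D "$ANY"
}

# Count appended rules (-a) that are missing the interface match.
# Anything above 0 means a rule would also hit the other interfaces.
unscoped_rule_count() {
    scoped_input_rules "$1" |
        awk -v w="-W $1 " '/ -a / && index($0, w) == 0 { n++ } END { print n + 0 }'
}

scoped_input_rules ppp0
```

Rules are matched in order, so the accept lines must stay ahead of the catch-all deny.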
