November 19, 2008 02:23am pst

1. gheist 17,569
2. Tintin 5,950
3. Rowley 5,800
4. blu 5,200
5. TeRReF 4,000
5. sunnycoder 4,000
7. ravenpl 3,800
8. omarfarid 3,730
9. Blaz 3,172
10. lrmoore 2,000
10. mr_egypt... 2,000
10. jausions 2,000
10. dwaynec... 2,000
10. gbougiakas 2,000
10. KCTS 2,000
10. Arthur_M... 2,000
10. sda100 2,000
10. louisbohm 2,000
10. shakoush... 2,000
10. riotz 2,000
10. tprpics 2,000
10. sjm_ee 2,000
10. woolmilkp... 2,000
10. gnurl 2,000
25. richrumble 1,600

1. ahoffmann 58,928
2. gheist 45,908
3. yuzh 35,347
4. Tintin 32,873
5. ravenpl 18,155
6. jlevie 17,456
7. chris_cal... 14,021
8. wesly_c... 8,820
9. ppfoong 8,019
10. blu 7,425
11. liddler 7,400
12. sunnycoder 6,080
13. Rowley 5,800
14. PsiCop 4,792
15. amit_g 4,750
16. TeRReF 4,600
17. omarfarid 4,530
18. JustUNIX 3,400
19. Blaz 3,172
20. zgrp 3,000
20. sparks1... 3,000
22. sjm_ee 2,750
23. sppalser 2,640
24. nixfreak 2,525
25. tfewster 2,505

09.07.2008 at 04:19PM PDT, ID: 23710757 | Points: 500

	[x] Attachment Details

ipfw question about ruleset that locks me out when ran

Asked by W00dyW00d in FreeBSD, Unix Network Security, Consumer Firewalls

Tags: FreeBSD, ipfw

I got a ipfw script to use for a freebsd 6.2 server I have. When I run the script it locks me out. Can someone let me know what i need to change in order to get it working. I want to allow all traffic but limit based on the ruleset. I was thinking maybe I needed to allow all traffic at the end but i just wanted to make sure before i try it. Thanks

Start Free Trial

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:

           
           
             #!/bin/bash
 
ipfw -q flush
ipfwadd="let \"rule += 1\" ; ipfw -q add \$rule"
ipfwaddpipe="let \"rule += 1\" ; ipfw -q add \$rule pipe \$rule"
ipfwpipe="ipfw pipe \$rule"
netclass="24.18"
boxclass="24.18.146.0/24"
#mainip=`ifconfig | egrep "$netclass" | head -1 | awk '{ print $2 }' 2>/dev/null`
mainip="24.18.146.162"
 
## MAIN IP RULES ##
rule=10 ; let "rule -= 1"
if [ `echo $mainip | egrep "^$netclass" | wc -l` -eq "1" ]; then
 eval $ipfwadd deny tcp from any to $mainip 6660-6669,7000,7777 in
fi
 
## INCOMING TRAFFIC ##
rule=20 ; let "rule -= 1"
eval $ipfwaddpipe tcp from not $boxclass to any 22 setup in // INCOMING TRAFFIC: SSH TCP-SYN per DST_IP
eval $ipfwpipe config bw 1Mbit/s mask dst-ip 0xffffffff
 
eval $ipfwaddpipe icmp from any to any in // INCOMING TRAFFIC: ICMP
eval $ipfwpipe config bw 128Kbit/s
 
## OUTGOING TRAFFIC ##
rule=30 ; let "rule -= 1"
eval $ipfwaddpipe udp from any not 1-1023 to any out // OUTGOING TRAFFIC: UDP
eval $ipfwpipe config bw 3Mbit/s
 
 
eval $ipfwaddpipe tcp from any not 1-1023 to any setup out // OUTGOING TRAFFIC: TCP per SRC_IP
eval $ipfwpipe config bw 256Kbit/s mask src-ip 0xffffffff
 
eval $ipfwaddpipe icmp from any to any out // OUTGOING TRAFFIC: ICMP
eval $ipfwpipe config bw 128Kbit/s

           
         

Keywords: ipfw question about ruleset that locks …

	Title
1	PF Ruleset
2	Simple iptables ruleset with port 80 fo…
3	Firewall Rulesets 101 - directionality.
4	Modify ruleset to allow public web mail …
5	Best way to setup a needed ruleset fo…
6	Error: Selector expected. Ruleset ig…

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628