OK, I changed my original rules. I'm going to use both the ruleset you
recommended and these ones (not at the same time, though :) and see which
one gives me the least trouble.

greetings, 
   jurjen.


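#!/bin/sh
#
# Stateful ipfw ruleset for a single host whose only uplink is ath0.
# Policy: allow a short list of outbound services (rules 20-70) plus the
# replies they generate (check-state); deny everything else.
#
# Layout: rules 1-3 handle loopback and 127/8 spoofing on any interface,
# rule 5 admits packets of already established sessions, rules 6-7 send
# ath0 traffic to the outbound section (15) or the inbound section (100).
#
# Stop at the first rule ipfw rejects so a typo does not go unnoticed;
# whatever was loaded before the failure still ends in the final deny.
set -e

ipfw -q flush

# $cmd is expanded unquoted on purpose: sh has no arrays and the value
# must split into "ipfw" "-q" "add".
cmd="ipfw -q add"
ks="keep-state"
oif="ath0"

# Loopback.  These sit before the direction split so the 127/8
# anti-spoofing rules are reached by packets on $oif as well (placed
# after a skipto they would only ever see non-$oif traffic).
$cmd 1 allow all from any to any via lo0
$cmd 2 deny all from any to 127.0.0.0/8
$cmd 3 deny ip from 127.0.0.0/8 to any

# Match packets of established sessions in either direction.  This must
# precede the split: inbound replies are sent to section 100, which has
# no check-state of its own.
$cmd 5 check-state

# Sort in and out packets.  Outbound rules live at 15, inbound at 100.
# (The original sent "in" to 15 and "out" to 100, the reverse of its own
# section labels, so outbound packets never reached the allow rules.)
$cmd 6 skipto 15  ip from any to any out xmit $oif
$cmd 7 skipto 100 ip from any to any in  recv $oif

# NOTE(review): kept after the split as in the original, so like the
# original it never sees $oif traffic.  Move it above rule 6 and narrow
# it with "icmptypes" if ICMP on $oif is actually wanted.
$cmd 14 allow icmp from any to any


####
#  Outgoing  (15)

# Every rule here carries "out via $oif"; keep-state creates the dynamic
# rule that lets the matching replies back in through rule 5.

# internet sites (http)
$cmd 020 allow tcp from me to any 80 out via $oif setup $ks

# dns queries
$cmd 025 allow udp from me to any 53 out via $oif $ks

# to stack
# NOTE(review): unlike its siblings this rule has no "out" or "setup";
# harmless here because only outbound packets reach this section.
$cmd 030 allow all from me to 131.155.0.0/16 via $oif $ks

# e-mail pop
$cmd 040 allow tcp from me to any 110 out via $oif setup $ks
# imap
#$cmd 041 allow tcp from me to any 143 out via $oif setup $ks

# ssh
$cmd 050 allow all from me to any 22 out via $oif setup $ks

# https
$cmd 054 allow tcp from me to any 443 out via $oif setup $ks
# gopher
$cmd 055 allow tcp from me to any 70 out via $oif setup $ks

# root can do anything; each new session is logged
$cmd 070 allow log all from me to any out via $oif setup $ks uid root


####
#  Incoming  (100)

# Log ACK packets that didn't match the dynamic ruleset
$cmd 100 deny log all from any to any established in via $oif

# Explicit final deny, so the policy does not depend on how the kernel's
# default rule was built.
$cmd 200 deny ip from any to any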