In the last episode (Aug 27), Aminuddin said:
> Will give this a try. Since my server is a remote server that I can
> access only by ssh, what other rules do I need to add in? I
> don't want to have a situation where I will lock myself out.

The safest method is to have a serial console configured, so even if
you completely mess up your firewall you can still get to it.
Otherwise, add some rules at the very beginning that permit traffic
to/from the server you are ssh'ing in from, and start off using "count
log" rules instead of "deny", so you can tell which packets are being
matched.
 
> Is it correct to say that the rules that I put in will only block
> those in the rules and allow all that are not in the rules?

ipfw always has a final rule 65536, which is either "allow ip from any
to any" or "deny ip from any to any" depending on whether the kernel
option "IPFIREWALL_DEFAULT_TO_ACCEPT" was set or not.

-- 
        Dan Nelson
        [EMAIL PROTECTED]
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
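The staged approach described in the reply above, sketched as an added example that is not part of the original post: management rules at the lowest numbers, and candidate blocks emitted as "count log" first, then switched to "deny log" once the counters look right. The function names, rule numbers, sample ports and the admin address 192.0.2.10 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: staged ipfw ruleset for a host reachable only over ssh.
# All addresses, ports and rule numbers are constructed samples.

# Print the ipfw commands for one admin host and one stage.
#   audit   -> candidate blocks are "count log" (nothing is dropped)
#   enforce -> the same matches become "deny log"
gen_rules() {
    admin_ip=$1
    stage=$2
    case $stage in
        audit)   action="count log" ;;
        enforce) action="deny log" ;;
        *) echo "unknown stage: $stage" >&2; return 1 ;;
    esac
    # Refuse an empty or non-numeric address: a typo here would leave
    # the management rules matching nothing.
    case $admin_ip in
        ""|*[!0-9.]*) echo "bad admin address: $admin_ip" >&2; return 1 ;;
    esac
    # Lowest rule numbers, so the ssh path is matched before anything else.
    echo "ipfw -q add 100 allow tcp from $admin_ip to me 22"
    echo "ipfw -q add 110 allow tcp from me 22 to $admin_ip"
    echo "ipfw -q add 200 allow ip from any to any via lo0"
    # Candidate filter rules. "log" only reaches syslog when
    # net.inet.ip.fw.verbose=1; "ipfw show" lists the hit counters.
    echo "ipfw -q add 1000 $action tcp from any to me 23"
    echo "ipfw -q add 1010 $action tcp from any to me 3306"
}

# Dry run by default: print the commands for review.
# Set APPLY=1 on the FreeBSD host to execute them instead.
apply_rules() {
    rules=$(gen_rules "$1" "$2") || return 1
    echo "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

# Stand-alone use: sh staged_rules.sh 192.0.2.10 audit
if [ $# -ge 2 ]; then
    apply_rules "$1" "$2"
fi
```

Run the audit stage first and check `ipfw show` for hits on rules 1000 and 1010 before generating the enforce stage.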