In the last episode (Aug 27), Aminuddin said:
> Will give this a try. Since my server is a remote server that I can
> access only by ssh, what other rules do I need to add in? I
> don't want to have a situation where I will lock myself out.
The safest method is to have a serial console configured, so even if you completely mess up your firewall you can still get to it. Otherwise, add some rules at the very beginning that permit traffic to/from the server you are ssh'ing in from, and start off using "count log" rules instead of "deny", so you can tell which packets are being matched.

> Is it correct to say that the rules that I put in will only block
> those in the rules and allow all that are not in the rules?

ipfw always has a final rule 65536, which is either "allow ip from any to any" or "deny ip from any to any" depending on whether the kernel option "IPFIREWALL_DEFAULT_TO_ACCEPT" was set or not.

-- 
Dan Nelson
[EMAIL PROTECTED]

_______________________________________________
firstname.lastname@example.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
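The "permit the management host first, then count log instead of deny" approach from the reply above, written out as an added example (this is not code from the thread or from the FreeBSD project). It is a POSIX sh script that generates an ipfw(8) command file; the admin address 203.0.113.5 and the interface name em0 are constructed placeholders, and the rule numbers are arbitrary choices, not anything the thread specifies. A second function checks the ordering property the reply cares about: the very first rule must be the allow for the host you ssh in from.

```shell
#!/bin/sh
# Added example: generate a lock-out-resistant ipfw ruleset for a host that is
# managed only over ssh. The admin host and interface are assumed values.

# Print an ipfw command file. $1 = address you ssh in from, $2 = interface.
ipfw_safe_ruleset() {
  admin_host="$1"
  iface="${2:-em0}"   # constructed default; use your real interface
  cat <<EOF
# Start from a clean table so the file can be reloaded safely.
flush
# Lowest-numbered rules are evaluated first. Permitting ssh to and from the
# management host before anything else means a mistake further down cannot
# cut off the session you are working from.
add 00100 allow tcp from ${admin_host} to me 22 in via ${iface}
add 00110 allow tcp from me 22 to ${admin_host} out via ${iface}
add 00200 allow ip from any to any via lo0
# While tuning, "count log" records what each rule would have matched without
# dropping anything; once the logs look right, replace them with deny/allow.
add 01000 count log ip from any to me in via ${iface}
add 01010 count log ip from me to any out via ${iface}
# No explicit final rule here: traffic that reaches the end falls through to
# the kernel's default rule, whose verdict depends on IPFIREWALL_DEFAULT_TO_ACCEPT.
EOF
}

# Read a ruleset on stdin and succeed only if the first "add" line is an
# "allow" whose source is the admin host given in $1.
ipfw_first_rule_is_admin_allow() {
  admin_host="$1"
  first=$(grep '^add' | head -n 1)
  case "$first" in
    "add "*" allow "*" from ${admin_host} "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the ruleset on stdin contains no deny rule at all, i.e. it
# is still in the observe-only "count log" stage.
ipfw_has_no_deny() {
  ! grep -q '^add .* deny ' 
}

# Stand-alone usage: write the file, verify it, then (on the FreeBSD host)
# load it with:   ipfw -q /tmp/ipfw.rules
if [ "${IPFW_EXAMPLE_MAIN:-0}" = "1" ]; then
  ipfw_safe_ruleset 203.0.113.5 em0 > /tmp/ipfw.rules
  ipfw_first_rule_is_admin_allow 203.0.113.5 < /tmp/ipfw.rules \
    && ipfw_has_no_deny < /tmp/ipfw.rules \
    && echo "ruleset ok: admin host permitted first, observe-only stage"
fi
```

Run with `IPFW_EXAMPLE_MAIN=1 sh script.sh` to write and check the file; the check functions only inspect text, so they can be run anywhere before the rules are loaded on the real host.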