1. I need help to reconfigure my firewall on the server using BSD's ipfw.

Here is part of the configuration file so far that the co-lo people put in.

2. Short of a reboot, how do you start, stop and restart the firewall?


export IPF="ipfw -q add"

ports="11 21 22 23 25 37 42 43 53 63 69 70 80 101 109 110 115 119 123 143 443 
4321 50001"
clearaddresses=" blah "

ipfw -q -f flush

$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to
$IPF 30 deny all from to any
$IPF 40 deny tcp from any to any frag
$IPF 50 allow icmp from any to any

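# Rule numbers for the generated rules. The starting value is an assumption:
# the posted excerpt never sets $count. It must stay between 50 and 5000.
count=100

# Trusted addresses: allow everything in both directions
for a in $clearaddresses; do
        $IPF $count allow ip from $a to any
        $IPF $(($count+1)) allow ip from any to $a
        count=$(($count+2))
done

# Listed ports: allow traffic to and from each port, in and out
for p in $ports; do
        $IPF $count allow ip from any to any $p in
        $IPF $(($count+1)) allow ip from any to any $p out
        $IPF $(($count+2)) allow ip from any $p to any in
        $IPF $(($count+3)) allow ip from any $p to any out
        count=$(($count+4))
done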

$IPF 5000 deny log all from any to any
echo Firewall created

Here is what I want:

1. I want all ports open to the IP addresses in line 4 "clearaddresses".
2. I want to be able to control access to port 25 (sendmail), to be able to
   deny whole "A", "B" and "C" addresses.

Why? Because of the following:

1. Hosts.access on FreeBSD works on the Application Layer instead of the
Network Layer. Therefore hosts.allow/hosts.deny no longer works the way I want,
and I do not feel like running Sendmail and sshd out of inetd, which apparently
is the only way to be able to use hosts.allow/deny.

2. Next, OpenSSH does not have an AllowHosts directive like the Finnish one
does; it only has an AllowUsers directive, so I need to protect the system from
DDoS attacks and hacking.
I already tried to block things using the Sendmail access file, but all that
did was choke up the server with moronic shit. And I want to be able to use my
sftp program, but it opens random ports which cannot be controlled, so I need
the clearaddresses to be able to see all ports.

freebsd-questions@freebsd.org mailing list
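The rule order the post asks for, as an added dry-run sketch that is not part of the original message: ipfw acts on the first matching rule, so the trusted-host rules come first, the port 25 denies second, and the per-port allows last. The addresses, the shortened port list, the starting rule number and the helper names (`gen_rules`, `emit`, `rule_no`) are assumptions.

```shell
#!/bin/sh
# Dry run: prints the ipfw commands instead of executing them, so the order
# can be reviewed before anything touches the live firewall. It covers only
# the part of the posted script that the two loops generate; the fixed rules
# (10-50 and the final "deny log" at 5000) stay as they are in the post.
# All addresses are constructed documentation ranges (RFC 5737).
TRUSTED="192.0.2.10 192.0.2.11"                # stands in for $clearaddresses
SMTP_BLOCKED="198.51.100.0/24 203.0.113.0/24"  # networks refused on port 25
PORTS="22 25 80 443"                           # shortened from the post's list

gen_rules() {
    n=100   # assumed starting rule number; step 10 leaves room for inserts
    emit() { echo "ipfw -q add $n $*"; n=$((n + 10)); }

    # 1. Trusted hosts first: every port, both directions. A trusted host
    #    inside a blocked network still gets through, because it matches here.
    for a in $TRUSTED; do
        emit allow ip from "$a" to any
        emit allow ip from any to "$a"
    done

    # 2. SMTP denies next. They must have lower numbers than the general
    #    port 25 allow below, or that allow would match first.
    for net in $SMTP_BLOCKED; do
        emit deny tcp from "$net" to any 25 in
    done

    # 3. Per-port allows, same four rules per port as the posted script.
    for p in $PORTS; do
        emit allow ip from any to any "$p" in
        emit allow ip from any to any "$p" out
        emit allow ip from any "$p" to any in
        emit allow ip from any "$p" to any out
    done
}

# Rule number of the first generated line matching a pattern.
rule_no() { gen_rules | grep -- "$1" | head -n 1 | awk '{print $4}'; }

gen_rules
```

Piping the reviewed output to `sh` as root would load the rules; nothing is changed on the system until then.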