1. I need help to reconfigure my firewall on the server using BSD's ipfw
here is part of the configuration file so far that the Co-lo people put in.
2. short of a reboot how do you start stop and restart the firewall
export IPF="ipfw -q add"
ports="11 21 22 23 25 37 42 43 53 63 69 70 80 101 109 110 115 119 123 143 443
clearaddresses="220.127.116.11/16 18.104.22.168/16 22.214.171.124/19 126.96.36.199/17 blah
ipfw -q -f flush
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
$IPF 50 allow icmp from any to any
for a in $clearaddresses; do
$IPF $count allow ip from $a to any
$IPF $(($count+1)) allow ip from any to $a
for p in $ports; do
$IPF $count allow ip from any to any $p in
$IPF $(($count+1)) allow ip from any to any $p out
$IPF $(($count+2)) allow ip from any $p to any in
$IPF $(($count+3)) allow ip from any $p to any out
$IPF 5000 deny log all from any to any
echo Firewall created
Here is what i want :
1. i want all ports open to the ipaddresses in line 4 "clearaddresses"
2. I want to be able to control access to port 25 sendmail to be able to deny
whole "A" "B" and "C" addresses
Why because of the following:
1. Hosts.access on freebsd works on the Application Layer instead of the
Therefore Hosts.allow/hosts.deny no longer works the way i want and i do not
feel like running Sendmail and sshd out of Inetd which appearantly is the only
way to be able to use hosts.allow/deny
2. Next openssh doesnot have an AllowHosts directive like the Finnish one does
it only has an AllowUsers directive so i need to protect the system from DDOS
attacks and Hacking
I already tried to block things using the Sendmail Access file but all that did
was choak up the server with moronic shit. And i want to be able to use my
sftp program but it opens random ports which can not be controlled so i need
the Clearaddresses to be able to see all ports.
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"