1. I need help to reconfigure my firewall on the server using BSD's ipfw. Here is part of the configuration file so far that the co-lo people put in.
2. Short of a reboot, how do you start, stop and restart the firewall?

#!/usr/local/bin/bash
export IPF="ipfw -q add"
ports="11 21 22 23 25 37 42 43 53 63 69 70 80 101 109 110 115 119 123 143 443 4321 50001"
clearaddresses="209.131.0.0/16 66.65.0.0/16 71.173.96.0/19 71.173.128.0/17 blah blah"
count=60
# Remove all existing rules before rebuilding the set
ipfw -q -f flush
# Loopback traffic is allowed; 127.0.0.0/8 on any other interface is dropped
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
$IPF 50 allow icmp from any to any
# Two rules per cleared network: everything from it and everything to it
for a in $clearaddresses; do
    $IPF $count allow ip from $a to any
    $IPF $(($count+1)) allow ip from any to $a
    count=$(($count+10))
done
# Four rules per listed port: as destination and as source, in and out
for p in $ports; do
    $IPF $count allow ip from any to any $p in
    $IPF $(($count+1)) allow ip from any to any $p out
    $IPF $(($count+2)) allow ip from any $p to any in
    $IPF $(($count+3)) allow ip from any $p to any out
    count=$(($count+10))
done
# Everything not matched above is logged and dropped
$IPF 5000 deny log all from any to any
echo Firewall created

Here is what I want:
1. I want all ports open to the IP addresses in line 4, "clearaddresses".
2. I want to be able to control access to port 25 sendmail, to be able to deny whole "A", "B" and "C" addresses.

Why? Because of the following:
1. Hosts.access on FreeBSD works on the Application Layer instead of the Network Layer. Therefore hosts.allow/hosts.deny no longer works the way I want, and I do not feel like running Sendmail and sshd out of inetd, which apparently is the only way to be able to use hosts.allow/deny.
2. Next, OpenSSH does not have an AllowHosts directive like the Finnish one does; it only has an AllowUsers directive. So I need to protect the system from DDoS attacks and hacking.

I already tried to block things using the Sendmail access file, but all that did was choke up the server with moronic shit. And I want to be able to use my sftp program, but it opens random ports which cannot be controlled, so I need the clearaddresses to be able to see all ports.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
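
The rule order the post asks for (cleared networks first, then port-25 blocks, then the public ports), as an added example that is not part of the original post or the co-lo script. The networks are constructed RFC 5737 documentation ranges, the port list is shortened, and stateful keep-state rules are swapped in for the script's four per-port rules; the script only prints the rules so the order can be checked.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints an ipfw ruleset as text so the
# first-match order can be reviewed before it is loaded.
# All networks are constructed (RFC 5737 documentation ranges).
TRUSTED="192.0.2.0/24 198.51.100.0/24"   # stands in for "clearaddresses"
SMTP_BLOCKED="203.0.113.0/24"            # networks refused on port 25
PORTS="22 25 80 443"                     # shortened version of "ports"
FINAL=5000                               # number of the closing deny rule

# Rule bodies in evaluation order; ipfw stops at the first matching rule.
rule_bodies() {
    echo "allow all from any to any via lo0"
    echo "deny all from any to 127.0.0.0/8"
    echo "deny all from 127.0.0.0/8 to any"
    echo "deny tcp from any to any frag"
    echo "allow icmp from any to any"
    echo "check-state"
    # 1) Trusted networks: every port, both directions.
    for a in $TRUSTED; do
        echo "allow ip from $a to any"
        echo "allow ip from any to $a"
    done
    # 2) SMTP blocks go before the public port-25 allow, after the trusted rules.
    for b in $SMTP_BLOCKED; do
        echo "deny log tcp from $b to me 25 in"
    done
    # 3) Public services, stateful, so replies need no source-port rules.
    for p in $PORTS; do
        echo "allow tcp from any to me $p in setup keep-state"
    done
    echo "allow ip from me to any out keep-state"
}

# Number the rules in steps of 10 and fail if they would reach the final deny,
# where any further allow rule would never be evaluated.
gen_rules() {
    rule_bodies | awk -v final="$FINAL" '
        { n += 10
          if (n >= final) {
              print "rules reach final deny " final > "/dev/stderr"; exit 1
          }
          print "add", n, $0 }
        END { if (n < final) print "add", final, "deny log all from any to any" }'
}

gen_rules
```

The output is in the form ipfw reads from a rule file given as an absolute pathname, and ipfw -n checks such a file's syntax without passing the rules to the kernel.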