Aloha, I assume you are running either BSD or Solaris and have IPfilter and not Netfilter that comes with Linux. Do you have any IPfilter rules yet?
Here is a simple IPfilter ruleset that will allow ssh in from those specific IPs and block ALL other traffic in; it will allow ALL traffic out and keep state on that traffic so it can get back in:

#############################
# Begin Ruleset
#############################

# Allow ssh traffic in
# Flags S/SA matches only packets with SYN set and ACK clear (the initial
# connection request), so nothing but a new connection attempt can pass here
# This prevents many forms of portscanning such as FIN scanning
pass in log quick on eth0 proto tcp from 63.13.13.2/32 to eth0/32 port = 22 flags S/SA keep state
pass in log quick on eth0 proto tcp from 192.168.0.0/24 to eth0/32 port = 22 flags S/SA keep state

# Deny all inbound traffic by protocol and catch anything that falls through other rules
# RETURN-RST returns a reset to give the appearance of no packet filter running and no services running
# RETURN-ICMP-AS-DEST(port-unr) returns port-unreachable to give the appearance of no packet filter
block return-rst in log quick on eth0 proto tcp from any to any
block in log quick on eth0 proto icmp from any to any
block return-icmp-as-dest(port-unr) in log quick on eth0 proto udp from any to any
block in log quick on eth0 from any to any

# Pass out all traffic and keep state to allow it to return
# Flags S ensures state tracking only on the first outbound tcp packet
pass out quick on eth0 proto tcp from any to any flags S keep state
pass out quick on eth0 proto udp from any to any keep state
pass out quick on eth0 proto icmp from any to any keep state

#############################
# End Ruleset
#############################

In case line wraps mess anything up, every line should start with #, block, or pass.

Dusty

> I recently upgraded a 7.1 RH machine and now I need a really quick
> crash course in ipfilter. How can I convert the below to an ipfilter
> format? I found some automated tools to go from ipfwadm to ipchains
> but that is obviously not what I need. I am reading the RTFM's and I
> will eventually get a grip on ipfilter but I don't want to leave
> myself open in the meantime. Below is what I was using. It allows
> SSH in from 2 places, localnet and my work firewall. I do not need a
> full blown firewall because this machine is already behind one but
> port 22 is forwarded here so I am limiting it locally.
>
> /sbin/ipchains -I input 1 -j ACCEPT -p tcp -s 63.13.13.2 -d 0/0 22
> /sbin/ipchains -I input 1 -j ACCEPT -p tcp -s 192.168.0.0/24 -d 0/0 22
> /sbin/ipchains -A input -j DENY -p tcp -s 0/0 -d 0/0 22
>
> The only interface is eth0 and ip is 192.168.0.1 if ipfilter needs
> that extra info. Maybe I'll have it working soon on my own but
> thanks ahead for any tips.
>
> _______________________________________________
> LUAU mailing list
> [EMAIL PROTECTED]
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
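Since the question is how to mechanically turn the ipchains lines into IPFilter syntax, here is a small converter for exactly the subset the quoted rules use. It is an added example for this thread, not code from Dusty, the original poster or the IPFilter project. It assumes the interface name is supplied (eth0 by default), that an ACCEPT on tcp becomes a stateful `flags S/SA keep state` rule as in the ruleset above, and that REJECT maps to `return-rst` for tcp and `return-icmp-as-dest(port-unr)` otherwise. The sample input is constructed from the quoted rules with port 22 on each line. One thing it deliberately gets right that a line-by-line translation would not: `-I input 1` inserts at the head of the chain, so the second inserted rule ends up first, and ipf's `quick` keyword is what reproduces ipchains' first-match behaviour.

```python
"""Translate a small ipchains subset (-A/-I, -j ACCEPT/DENY/REJECT, -p, -s, -d, dest port)
into IPFilter rule syntax, preserving the order ipchains would have built."""
import shlex

# Constructed sample input modelled on the rules in the quoted post (assumption: port 22).
SAMPLE_IPCHAINS = """
/sbin/ipchains -I input 1 -j ACCEPT -p tcp -s 63.13.13.2 -d 0/0 22
/sbin/ipchains -I input 1 -j ACCEPT -p tcp -s 192.168.0.0/24 -d 0/0 22
/sbin/ipchains -A input -j DENY -p tcp -s 0/0 -d 0/0 22
"""

DIRECTIONS = {"input": "in", "output": "out"}  # ipchains built-in chain -> ipf direction


def ipf_addr(spec):
    """ipchains address to ipf address: 0/0 becomes 'any', a bare host gets /32."""
    if spec in ("0/0", "0.0.0.0/0", "any"):
        return "any"
    return spec if "/" in spec else spec + "/32"


def ipf_action(target, proto):
    """Map the ipchains target to an ipf action; REJECT returns RST for tcp, ICMP otherwise."""
    if target == "ACCEPT":
        return "pass"
    if target == "DENY":
        return "block"
    if target == "REJECT":
        return "block return-rst" if proto == "tcp" else "block return-icmp-as-dest(port-unr)"
    raise ValueError(f"unsupported ipchains target: {target}")


def parse_ipchains(line):
    """Parse one ipchains command line into a rule dict; unknown options raise."""
    toks = shlex.split(line)
    rule = {"chain": None, "append": True, "pos": 1, "target": None, "proto": None,
            "src": "any", "sport": None, "dst": "any", "dport": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t.endswith("ipchains"):           # the command itself
            i += 1
        elif t == "-A":                      # append to the end of the chain
            rule["chain"], i = toks[i + 1], i + 2
        elif t == "-I":                      # insert at a 1-based position, default 1
            rule["chain"], rule["append"], i = toks[i + 1], False, i + 2
            if i < len(toks) and toks[i].isdigit():
                rule["pos"], i = int(toks[i]), i + 1
        elif t == "-j":
            rule["target"], i = toks[i + 1], i + 2
        elif t == "-p":
            rule["proto"], i = toks[i + 1].lower(), i + 2
        elif t in ("-s", "-d"):
            addr_key, port_key = ("src", "sport") if t == "-s" else ("dst", "dport")
            rule[addr_key], i = ipf_addr(toks[i + 1]), i + 2
            if i < len(toks) and not toks[i].startswith("-"):   # optional port after the address
                port = toks[i]
                if not port.isdigit():
                    raise ValueError(f"only single numeric ports are supported: {port}")
                rule[port_key], i = port, i + 1
        else:
            raise ValueError(f"unsupported ipchains option: {t}")
    if rule["chain"] not in DIRECTIONS or rule["target"] is None:
        raise ValueError(f"need a built-in chain and a -j target: {line}")
    return rule


def render_ipf(rule, iface):
    """Emit one ipf rule. 'quick' gives first-match semantics like ipchains; tcp ACCEPTs
    get 'flags S/SA keep state' so only connection requests are matched and tracked."""
    parts = [ipf_action(rule["target"], rule["proto"]), DIRECTIONS[rule["chain"]],
             "log", "quick", "on", iface]
    if rule["proto"]:
        parts += ["proto", rule["proto"]]
    parts += ["from", rule["src"]]
    if rule["sport"]:
        parts += ["port", "=", rule["sport"]]
    parts += ["to", rule["dst"]]
    if rule["dport"]:
        parts += ["port", "=", rule["dport"]]
    if rule["target"] == "ACCEPT" and rule["proto"] == "tcp":
        parts += ["flags", "S/SA", "keep", "state"]
    return " ".join(parts)


def convert(text, iface="eth0"):
    """Replay the ipchains commands to rebuild each chain's final order, then render."""
    chains = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_ipchains(line)
        chain = chains.setdefault(rule["chain"], [])
        if rule["append"]:
            chain.append(rule)
        else:
            chain.insert(rule["pos"] - 1, rule)
    return [render_ipf(r, iface) for name in ("input", "output") for r in chains.get(name, [])]


if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_IPCHAINS)))
```

The converter does not translate ipchains default policies (`-P`), and IPFilter passes anything no rule matches, so the output still needs a catch-all `block in` at the end, as in the ruleset above, before it is loaded with `ipf -Fa -f <file>`.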
