I'm not an IPFW expert so I'm using this (slightly tweaked) ruleset that I found on these forums.
For some reason, I can't at all connect to DNS on this server. DnsReport says "A timeout occurred getting the NS records from your nameservers!". Turn off the firewall and everything works fine.
What's wrong with my rules?
##############################
# IPFW RULES Server
##############################
cmd="ipfw -q add"
ipfw -q -f flush
##############################
# Allow loopback and deny loopback spoofing
##############################
$cmd 05 allow all from any to any via lo0
$cmd 10 deny all from any to 127.0.0.0/8
$cmd 15 deny all from 127.0.0.0/8 to any
$cmd 20 deny tcp from any to any frag
##############################
# Stateful Rules
##############################
$cmd 25 check-state
$cmd 30 allow tcp from any to any established
$cmd 35 allow all from any to any out keep-state
$cmd 40 allow icmp from any to any
##############################
# Incoming/outgoing services
##############################
$cmd 45 allow tcp from any to any 21 in setup keep-state
$cmd 46 allow udp from any to any 21 in setup keep-state
$cmd 50 allow tcp from any to any 22 in setup keep-state
$cmd 55 allow tcp from any to any 25 in setup keep-state
$cmd 60 allow udp from any to any 53 in setup keep-state
$cmd 61 allow tcp from any to any 53 in setup keep-state
$cmd 65 allow tcp from any to any 80 in setup keep-state
$cmd 70 allow tcp from any to any 443 in setup keep-state
$cmd 75 allow tcp from any to any 110 in setup keep-state
$cmd 80 allow tcp from any to any 143 in setup keep-state
$cmd 90 allow tcp from any to any 2222 in setup keep-state
$cmd 95 allow tcp from any to any 61000-61994 out setup keep-state
$cmd 100 allow tcp from any to any 8888 in setup keep-state
##############################
# Deny and log
##############################
$cmd 999 deny log all from any to any
Thanks!
For some reason, I can't at all connect to DNS on this server. DnsReport says "A timeout occurred getting the NS records from your nameservers!". Turn off the firewall and everything works fine.
What's wrong with my rules?
##############################
# IPFW RULES Server
##############################
cmd="ipfw -q add"
ipfw -q -f flush
##############################
# Allow loopback and deny loopback spoofing
##############################
$cmd 05 allow all from any to any via lo0
$cmd 10 deny all from any to 127.0.0.0/8
$cmd 15 deny all from 127.0.0.0/8 to any
$cmd 20 deny tcp from any to any frag
##############################
# Stateful Rules
##############################
$cmd 25 check-state
$cmd 30 allow tcp from any to any established
$cmd 35 allow all from any to any out keep-state
$cmd 40 allow icmp from any to any
##############################
# Incoming/outgoing services
##############################
$cmd 45 allow tcp from any to any 21 in setup keep-state
$cmd 46 allow udp from any to any 21 in setup keep-state
$cmd 50 allow tcp from any to any 22 in setup keep-state
$cmd 55 allow tcp from any to any 25 in setup keep-state
$cmd 60 allow udp from any to any 53 in setup keep-state
$cmd 61 allow tcp from any to any 53 in setup keep-state
$cmd 65 allow tcp from any to any 80 in setup keep-state
$cmd 70 allow tcp from any to any 443 in setup keep-state
$cmd 75 allow tcp from any to any 110 in setup keep-state
$cmd 80 allow tcp from any to any 143 in setup keep-state
$cmd 90 allow tcp from any to any 2222 in setup keep-state
$cmd 95 allow tcp from any to any 61000-61994 out setup keep-state
$cmd 100 allow tcp from any to any 8888 in setup keep-state
##############################
# Deny and log
##############################
$cmd 999 deny log all from any to any
Thanks!
