[cobalt-security] [RaQ2] ipfwadm firewall
- Subject: [cobalt-security] [RaQ2] ipfwadm firewall
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Thu, 6 Sep 2001 20:58:41 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I need a little advice on ipfwadm for RaQ2.
Will someone critique the following script?
Please,
Gerald
#!/bin/sh
# file: /etc/rc.d/rc.firewall
# running ipfwadm 2.30 on a RaQ2
# Sep 6, 2001
# ======= some defines ====== #
ETH0_IP="1.2.3.4"
RSYNC_REMOTE_IP="1.2.3.5"
NTP_SERVER="bonehed.lcs.mit.edu"
echo "Starting firewalling... "
# ======= Remove all existing rules belonging to this filter ===== #
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
# ======= The default policy of the filter to deny. ====== #
# NOTE: while these three lines stay commented out, the policy of every
# chain remains accept, so none of the accept rules below block anything.
#ipfwadm -I -p deny
#ipfwadm -O -p reject
#ipfwadm -F -p reject
# ======= accept local ---------- #
# -W takes an interface name (-V takes an address), so match loopback by name
ipfwadm -I -a accept -W lo
ipfwadm -O -a accept -W lo
# ===== (tcp) POP SMTP FTP HTTP HTTPS SSH DNS ==== #
# the port list is continued with a backslash so each ipfwadm call is one command
ipfwadm -I -a accept -P tcp -S any/0 -D $ETH0_IP pop smtp ftp ftp-data www \
    domain 22 81 443 444
ipfwadm -O -a accept -P tcp -S $ETH0_IP -D any/0 pop smtp ftp ftp-data www \
    domain 22 81 443 444
# ======= (udp) DNS ======= #
ipfwadm -I -a accept -P udp -S any/0 -D $ETH0_IP domain
ipfwadm -O -a accept -P udp -S $ETH0_IP -D any/0 domain
# ======== (tcp) RSYNC ========== #
ipfwadm -I -a accept -P tcp -S $RSYNC_REMOTE_IP -D $ETH0_IP 873
ipfwadm -O -a accept -P tcp -S $ETH0_IP -D $RSYNC_REMOTE_IP 873
# ======== (udp) NTP ========== #
# NTP runs over UDP port 123, not TCP
ipfwadm -I -a accept -P udp -S $NTP_SERVER -D $ETH0_IP ntp
ipfwadm -O -a accept -P udp -S $ETH0_IP -D $NTP_SERVER ntp
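The following is an added example and is not part of Gerald's post or of any Cobalt-supplied script. It shows the shape a critique of the script above usually asks for: the three default-deny policies are set right after the flush and before any accept rule, loopback is matched by interface name with -W, outbound packets for published services and inbound packets for the box's own client connections are restricted to ACK-carrying segments with -k so that neither rule can start a connection, and NTP is filtered as UDP/123. The addresses, the interface name and the port lists are assumed placeholders, and the fw_lint function, the IPFWADM variable and the load/show dispatch are conveniences of this example, not ipfwadm features.

```shell
#!/bin/sh
# Added example, not Gerald's script: a default-deny ipfwadm rule set for a
# single-homed server such as a RaQ2. Addresses, the interface name and the
# port lists are assumed placeholders; adjust them for the real box.
# Set IPFWADM=echo (or run with "show") to print the commands instead of
# loading them into the kernel.

IPFWADM="${IPFWADM:-ipfwadm}"
ETH0_IP="${ETH0_IP:-1.2.3.4}"                   # assumed public address of the box
RSYNC_REMOTE_IP="${RSYNC_REMOTE_IP:-1.2.3.5}"   # assumed: the only host allowed to rsync
NTP_SERVER="${NTP_SERVER:-bonehed.lcs.mit.edu}" # prefer an IP here: names are resolved
                                                # at load time, before DNS is reachable
# TCP services this box publishes: pop3 smtp ftp ftp-data www domain ssh 81 https 444.
# Numeric ports avoid depending on what /etc/services calls them. Active-mode
# FTP data connections (originating from port 20) would need their own rule.
SERVER_TCP_PORTS="110 25 21 20 80 53 22 81 443 444"
# TCP connections this box opens itself (mail delivery, DNS over TCP).
CLIENT_TCP_PORTS="25 53"

fw() {
    # One ipfwadm invocation; with IPFWADM=echo the command line is printed instead.
    "$IPFWADM" "$@"
}

fw_load() {
    # 1. Flush, then set every chain to deny BEFORE any accept rule is added.
    #    With the policy left at accept, the accept rules below block nothing.
    fw -I -f
    fw -O -f
    fw -F -f
    fw -I -p deny
    fw -O -p deny
    fw -F -p deny

    # 2. Loopback, matched by interface name (-W takes a name, -V an address).
    fw -I -a accept -W lo
    fw -O -a accept -W lo

    # 3. Published services: any client may connect in; replies go out with
    #    the ACK bit set (-k), so the outbound rule cannot start a connection.
    #    ($SERVER_TCP_PORTS is deliberately unquoted so it splits into ports.)
    fw -I -a accept -P tcp -S any/0 -D "$ETH0_IP" $SERVER_TCP_PORTS
    fw -O -a accept -P tcp -k -S "$ETH0_IP" $SERVER_TCP_PORTS -D any/0

    # 4. rsync daemon (873) reachable from one peer only, replies ACK-only.
    fw -I -a accept -P tcp -S "$RSYNC_REMOTE_IP" -D "$ETH0_IP" 873
    fw -O -a accept -P tcp -k -S "$ETH0_IP" 873 -D "$RSYNC_REMOTE_IP"

    # 5. Connections the box initiates: out to the listed ports, and only
    #    ACK-carrying packets back in, so no inbound SYN rides this rule.
    fw -O -a accept -P tcp -S "$ETH0_IP" -D any/0 $CLIENT_TCP_PORTS
    fw -I -a accept -P tcp -k -S any/0 $CLIENT_TCP_PORTS -D "$ETH0_IP"

    # 6. UDP DNS: queries to this box's name server (dst 53) and answers back,
    #    plus the box's own resolver queries (dst 53 outbound) and their answers.
    fw -I -a accept -P udp -S any/0 -D "$ETH0_IP" 53
    fw -O -a accept -P udp -S "$ETH0_IP" 53 -D any/0
    fw -O -a accept -P udp -S "$ETH0_IP" -D any/0 53
    fw -I -a accept -P udp -S any/0 53 -D "$ETH0_IP"

    # 7. NTP is UDP/123, not TCP; only the configured server may answer.
    fw -O -a accept -P udp -S "$ETH0_IP" -D "$NTP_SERVER" 123
    fw -I -a accept -P udp -S "$NTP_SERVER" 123 -D "$ETH0_IP"
}

fw_lint() {
    # Dry-run the rule set and check the ordering invariant: all three
    # default-deny policies must be in place before the first accept rule.
    (IPFWADM=echo; fw_load) | awk '
        /-p deny/   { deny++ }
        /-a accept/ { if (deny < 3) bad = 1 }
        END         { if (bad) exit 1; exit 0 }'
}

case "${1:-}" in
    load) fw_lint && fw_load ;;
    show) (IPFWADM=echo; fw_load) ;;
    *)    echo "usage: $0 {load|show}" >&2 ;;
esac
```

Run it as `sh rc.firewall show` to review the generated ipfwadm command lines before touching the kernel; `sh rc.firewall load` refuses to load the set if fw_lint finds an accept rule ahead of the deny policies. Because ipfwadm is stateless, the -k rules are what keep the "reply" directions from doubling as entry points; a rule that accepts any TCP from port 25 outbound without -k would also let the box open connections from source port 25 to anything.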