These are IPFW firewall rules for a web server.
Step 1: Create the file /etc/rc.firewall with the following content
(replace em0 with your network interface)
--------------------------------------------------------------------------------------------------------
#!/bin/sh
cmd="/sbin/ipfw -q"
wan_if="em0"
$cmd flush
$cmd pipe flush
# allow loopback traffic
$cmd add allow ip from any to any via lo0
$cmd add check-state
$cmd add reset tcp from any to any established
# allow HTTP traffic
$cmd add allow tcp from any to me 80 setup in keep-state
# allow DNS
$cmd add allow udp from any to me 53 in keep-state
$cmd add allow tcp from any to me 53 setup in keep-state
# allow SMTP
$cmd add allow tcp from any to me 25 setup in keep-state
# allow SSH
$cmd add allow tcp from any to me 22 setup in keep-state
# allow FTP
$cmd add allow tcp from any to me 21 setup in keep-state
$cmd add allow tcp from any to me 20 setup in keep-state
$cmd add allow tcp from me 20 to any setup out keep-state
# allow POP3
$cmd add allow tcp from any to me 110 setup in keep-state
# allow IMAP
$cmd add allow tcp from any to me 143 setup in keep-state
# allow ping
$cmd add allow icmp from any to me icmptypes 8 in keep-state
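# allow outbound traffic from server
$cmd add allow tcp from me to any setup out keep-state
$cmd add allow ip from me to any out keep-state
# allow traffic to server
# (these two rules accept inbound traffic to any port on this host,
# not only the services listed above)
$cmd add allow tcp from any to me setup in keep-state
$cmd add allow ip from any to me in keep-state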
# deny everything else
$cmd add deny tcp from any to any setup
$cmd add deny ip from any to any
Step 2: Add the following lines to /etc/rc.conf
-------------------------------------------------------
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
Step 3: Run the firewall script
-----------------------------------
/etc/rc.firewall
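The script below is an added example, not part of the original post. It reads a rule list in the `$cmd add ...` form used in Step 1 and reports which inbound ports are opened explicitly and which allow rules name no port at all. It assumes rules without explicit rule numbers; `sample_rules` is a constructed subset of the rules above, and `audit_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: static audit of an rc.firewall-style rule list.
# ipfw is first-match, so rules are read in order and the scan stops at
# the first unconditional deny (nothing after it can be reached).

# Constructed sample: a subset of the Step 1 rules, in the same order.
sample_rules() {
cat <<'EOF'
$cmd add check-state
$cmd add allow tcp from any to me 80 setup in keep-state
$cmd add allow udp from any to me 53 in keep-state
$cmd add allow tcp from any to me 22 setup in keep-state
$cmd add allow tcp from me to any setup out keep-state
$cmd add allow tcp from any to me setup in keep-state
$cmd add allow ip from any to me in keep-state
$cmd add deny tcp from any to any setup
$cmd add deny ip from any to any
EOF
}

# audit_rules ports    -> proto/port for each inbound allow naming a port
# audit_rules catchall -> inbound allow rules with no destination port
# Assumes the "$cmd add <action> <proto> from <src> to <dst> ..." layout.
audit_rules() {
    awk -v mode="$1" '
    $2 != "add" { next }
    $3 == "deny" && $4 ~ /^(ip|all)$/ && $6 == "any" && $8 == "any" &&
        NF == 8 { exit }
    $3 == "allow" && $4 ~ /^(tcp|udp|ip|all)$/ && $6 == "any" &&
        $8 == "me" {
        if ($9 ~ /^[0-9]/) {
            if (mode == "ports") print $4 "/" $9
        } else if (mode == "catchall") {
            sub(/^[^ ]+ add /, "")      # drop the "$cmd add " prefix
            print NR ": " $0            # NR = position in the rule list
        }
    }'
}

echo "Ports opened explicitly:"
sample_rules | audit_rules ports
echo "Allow rules that open every port (listed by position):"
sample_rules | audit_rules catchall
```

An empty second list means only the ports in the first list accept new inbound connections.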
Saturday, March 15, 2008
Firewall for Web Server with IPFW