Firewall for Web Server with IPFW
This tutorial presents IPFW firewall rules for a web server.

Step 1: Create the file /etc/rc.firewall and put the following content in it
--------------------------------------------------------------------------------------------------------

(replace em0 with your network interface)

#!/bin/sh
cmd="/sbin/ipfw -q"
wan_if="em0"

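# remove all existing rules and pipes
$cmd flush
$cmd pipe flush

# allow loopback traffic, then match packets against existing dynamic rules
$cmd add allow ip from any to any via lo0
$cmd add check-state

# reset TCP packets that claim an established connection but matched no dynamic rule
$cmd add reset tcp from any to any established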

# allow HTTP traffic
$cmd add allow tcp from any to me 80 setup in keep-state

# allow DNS
$cmd add allow udp from any to me 53 in keep-state
$cmd add allow tcp from any to me 53 setup in keep-state

# allow SMTP
$cmd add allow tcp from any to me 25 setup in keep-state
# allow SSH
$cmd add allow tcp from any to me 22 setup in keep-state

# allow FTP
$cmd add allow tcp from any to me 21 setup in keep-state
$cmd add allow tcp from any to me 20 setup in keep-state
$cmd add allow tcp from me 20 to any setup out keep-state

# allow POP3
$cmd add allow tcp from any to me 110 setup in keep-state
# allow IMAP
$cmd add allow tcp from any to me 143 setup in keep-state

# allow ping
$cmd add allow icmp from any to me icmptypes 8 in keep-state

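# allow outbound traffic from the server
$cmd add allow tcp from me to any setup out keep-state
$cmd add allow ip from me to any out keep-state

# Disabled: these two rules accept every inbound packet addressed to the server,
# so the per-service rules above and the deny rules below would never decide anything.
# $cmd add allow tcp from any to me setup in keep-state
# $cmd add allow ip from any to me in keep-state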

# deny everything else
$cmd add deny tcp from any to any setup
$cmd add deny ip from any to any


Step 2: Add the following lines to rc.conf
-------------------------------------------------------

firewall_enable="YES"
firewall_script="/etc/rc.firewall"


Step 3: Run the firewall script
-----------------------------------

/etc/rc.firewall
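
An added check, not part of the original tutorial: run before loading the script, this sh function lists every "add allow" rule that admits tcp, udp, ip or all traffic from any to me with no destination port, because such a rule matches ahead of the final deny rules and opens every port. It assumes one rule per line and numeric ports, as in the script above; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag inbound "allow" rules that name no destination port.
# Assumption: one rule per line, numeric ports (service names are not resolved).

find_open_inbound() {
    # $1 = path to an ipfw rules script; prints "LINE: rule" for each finding
    awk '
    /^[ \t]*#/ { next }                             # ignore comment lines
    {
        add = 0; from = 0; to = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "add"  && !add)  add  = i
            if ($i == "from" && !from) from = i
            if ($i == "to"   && !to)   to   = i
        }
        if (!add || !from || !to) next
        act = add + 1
        if ($act ~ /^[0-9]+$/) act++                # optional rule number
        if ($act !~ /^(allow|accept|pass|permit)$/) next
        if ($(act + 1) !~ /^(tcp|udp|ip|all)$/) next
        if ($(from + 1) != "any" || $(to + 1) != "me") next
        if ($(to + 2) ~ /^[0-9]/) next              # destination port present
        print NR ": " $0
    }' "$1"
}

# Constructed sample rules (not a complete ruleset)
sample_rules() {
    cat <<'EOF'
$cmd add allow tcp from any to me 80 setup in keep-state
$cmd add allow icmp from any to me icmptypes 8 in keep-state
$cmd add allow tcp from any to me setup in keep-state
# $cmd add allow ip from any to me in keep-state
$cmd add 500 allow ip from any to me in keep-state
$cmd add deny ip from any to any
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
find_open_inbound "$tmp"
rm -f "$tmp"
```

To check the real file, call find_open_inbound /etc/rc.firewall; empty output means every inbound allow rule for those protocols names a port.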
 