Subject: IPF (and DHCP)
To: None <netbsd-users@netbsd.org>
From: Jan Danielsson <jan.danielsson@gmail.com>
List: netbsd-users
Date: 07/17/2005 23:00:00

Hello all,

   I want to do a tight lockdown of a server I am using, and only allow
external access to it via ssh on ep0 (ep1 is internal), with the
exception of any potential essential protocols. I am using this ipf.conf:
----------------------------------------
# restrict all
block in all
block out all

# Allow unrestricted loopback
pass in quick on lo0 all
pass out quick on lo0 all

# Allow unrestricted ep1 (for now)
pass in quick on ep1 all
pass out quick on ep1 all

# Allow incoming ssh, and keep its state
block out quick on ep0 all
pass in quick on ep0 proto tcp from any to any port = ssh keep state

# dhclient
pass out quick on ep0 proto udp from any to any port = 67 keep state keep frags
pass in quick on ep0 proto udp from any to any port = 68 keep state keep frags

# traceroute
pass in quick on ep0 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep0 proto icmp from any to any icmp-type 11 keep state keep frags
----------------------------------------

   Is what I have there correct, especially with regards to dhcp? I
assume that something is wrong, because when I tried "dhclient ep0", I
lost contact with the system, and ipf had to be disabled to regain
contact with it.

   I know very little about networking, but I'm trying to learn, so
please keep it simple if possible.


-- 
Kind Regards,
Jan Danielsson
Nobody loves a cynic
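As an added example (not part of the original post, and not NetBSD's or IPFilter's own code), here is a small Python model of IPFilter's rule-ordering semantics run over the ruleset in the post: rules are read top to bottom, the last matching rule decides, except that a matching rule marked `quick` ends evaluation on the spot. The model only understands the syntax the post uses (block/pass, in/out, quick, `on`, `proto`, `port =`, `icmp-type`), ignores `keep state` and `keep frags`, and uses constructed TEST-NET addresses; the shape of the client's DHCP packet (from 0.0.0.0 port 68 to 255.255.255.255 port 67) is per RFC 2131. Running it shows that `block out quick on ep0 all`, which sits above the dhclient `pass out` rule, is the rule every outbound ep0 packet stops at, so the DHCP request never reaches its `pass` rule; the same ruleset with that line moved below the dhclient rule lets the request through.

```python
"""Toy evaluator for IPFilter rule ordering (added example, not from the post).

Models only the ipf.conf subset used above: block/pass, in/out, quick,
`on <if>`, `proto`, `port = N|name`, `icmp-type N`.  IPFilter semantics:
rules are read top to bottom and the LAST matching rule decides, unless a
matching rule says `quick`, which stops evaluation at that rule.
`keep state` / `keep frags` are parsed but not modelled: this shows which
rule a fresh (stateless) packet hits.
"""
from dataclasses import dataclass

SERVICES = {"ssh": 22, "bootps": 67, "bootpc": 68}   # names usable in `port = name`


@dataclass
class Packet:
    direction: str          # "in" or "out"
    iface: str              # e.g. "ep0"
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0          # destination port (tcp/udp)
    icmp_type: int = -1     # icmp only


def parse_rule(line):
    """Parse one ipf rule; returns None for blank and comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    toks = line.split()
    rule = {"action": toks[0], "direction": toks[1], "quick": "quick" in toks,
            "iface": None, "proto": None, "port": None, "icmp_type": None,
            "text": line}
    for i, tok in enumerate(toks):
        if tok == "on":
            rule["iface"] = toks[i + 1]
        elif tok == "proto":
            rule["proto"] = toks[i + 1]
        elif tok == "port" and toks[i + 1] == "=":
            p = toks[i + 2]
            rule["port"] = int(p) if p.isdigit() else SERVICES[p]
        elif tok == "icmp-type":
            rule["icmp_type"] = int(toks[i + 1])
    return rule


def matches(rule, pkt):
    """A rule field of None means 'any'; otherwise it must equal the packet's."""
    return (rule["direction"] == pkt.direction
            and rule["iface"] in (None, pkt.iface)
            and rule["proto"] in (None, pkt.proto)
            and rule["port"] in (None, pkt.dport)
            and rule["icmp_type"] in (None, pkt.icmp_type))


def evaluate(rules_text, pkt):
    """Return (action, rule_text) for pkt under IPFilter ordering rules."""
    winner = None
    for rule in filter(None, map(parse_rule, rules_text.splitlines())):
        if matches(rule, pkt):
            winner = rule
            if rule["quick"]:
                break                       # quick: stop at this match
    if winner is None:
        return "pass", None                 # ipf passes what no rule matches
    return winner["action"], winner["text"]


# The ruleset from the post (wrapped lines joined, comments dropped).
RULES_POSTED = """\
block in all
block out all
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ep1 all
pass out quick on ep1 all
block out quick on ep0 all
pass in quick on ep0 proto tcp from any to any port = ssh keep state
pass out quick on ep0 proto udp from any to any port = 67 keep state keep frags
pass in quick on ep0 proto udp from any to any port = 68 keep state keep frags
pass in quick on ep0 proto icmp from any to any icmp-type 3 keep state keep frags
pass in quick on ep0 proto icmp from any to any icmp-type 11 keep state keep frags
"""

# Same rules with `block out quick on ep0 all` moved below the dhclient rule,
# so the quick block no longer shadows the DHCP pass-out rule.
_BLOCK_OUT = "block out quick on ep0 all\n"
_DHCP_OUT = "pass out quick on ep0 proto udp from any to any port = 67 keep state keep frags\n"
RULES_FIXED = RULES_POSTED.replace(_BLOCK_OUT, "").replace(_DHCP_OUT, _DHCP_OUT + _BLOCK_OUT)

# Constructed sample packets (TEST-NET addresses).  A DHCP client with no
# address yet sends DISCOVER/REQUEST from 0.0.0.0:68 to 255.255.255.255:67.
DHCP_DISCOVER = Packet("out", "ep0", "udp", "0.0.0.0", "255.255.255.255", dport=67)
DHCP_OFFER = Packet("in", "ep0", "udp", "192.0.2.1", "255.255.255.255", dport=68)
SSH_IN = Packet("in", "ep0", "tcp", "198.51.100.7", "192.0.2.10", dport=22)
TELNET_IN = Packet("in", "ep0", "tcp", "198.51.100.7", "192.0.2.10", dport=23)
HTTP_OUT = Packet("out", "ep0", "tcp", "192.0.2.10", "198.51.100.7", dport=80)

if __name__ == "__main__":
    for name, rules in (("posted", RULES_POSTED), ("reordered", RULES_FIXED)):
        for label, pkt in (("DHCP discover", DHCP_DISCOVER), ("DHCP offer", DHCP_OFFER),
                           ("ssh in", SSH_IN), ("telnet in", TELNET_IN), ("http out", HTTP_OUT)):
            print(f"{name:9} {label:13} -> {evaluate(rules, pkt)}")
```

Two practical notes. On a real system the equivalent check is `ipfstat -hio`, which prints per-rule hit counts for the loaded in/out rules and will show the hits landing on the `block out quick` line. And keep the separate `pass in ... port = 68` rule even after reordering: the server's OFFER/ACK comes from the server's own address to port 68 (often to the broadcast address), not from the 255.255.255.255:67 endpoint the outbound state entry was created for, so it is not guaranteed to be matched by that state entry.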
