Subject: IPF Configuration
To: None <netbsd-help@NetBSD.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: netbsd-help
Date: 10/22/2003 14:32:35
Hi

Seems like I'm asking the right question in the right place :)

I'm not too bad at iptables but found from experience that several 
Linux boxes were hacked around me even though they were configured 
properly.  So, a switch to BSD in some places revealed that it was 
harder for whoever it was to break in.  Depending on where you put it, 
BSD can be better for some things.  I think we all know that?

I'm afraid that my own understanding of IPF configuration isn't doing 
too well.  Read the FAQ at Obfuscation.org and some others.  Can't 
quite get it together.  Perhaps someone can point me in the right 
direction with this?

The rules that you can see below are the rough hack that I've been 
able to put together so far. I don't think it does what I want it to 
do but some of it works probably.  I've got a dialup ISDN line to my 
ISP which downloads e-mail and web pages as well as ftp (yes, I know 
it stinks as a protocol) sometimes.  So, I need to send and receive 
e-mail, web pages, and do some ftp with a bit of SSH sometimes for 
remote servers that I run.  I need a paranoid approach to this. Past 
attempts at being liberal resulted in hacked firewalls.   

Can anyone help to improve the rules below?  As I say, it's work in 
progress which needs to improve.

pass out quick on lo0
pass in quick on lo0
block in all with frag
block in quick proto icmp all
block return-icmp in proto udp from any to any port > 5000
#block return-icmp (port-unr) in proto udp from any to any port > 5000
block in all with ipopts
block in log on ippp0 proto tcp from any to 192.168.1.0/24 flags S/SA 
block return-rst in quick proto tcp from any to any port = 113 flags S/SA
block out log on ippp0 proto tcp from 192.168.1.0/24 to any flags SA/SA
#block in log quick on ippp0 proto tcp/udp from any to 192.168.1.0/24 port 5999 >< 6010
#block in log quick on ippp0 proto tcp/udp from any to 192.168.1.0/24 port 22 >< 23
#block in log quick on ippp0 proto tcp/udp from any to 192.168.1.0/24 port 513 >< 514
block in quick  on ippp0 from 0.0.0.0/7 to any
block in log on ippp0 from 1.0.0.0/8 to any 
block in log on ippp0 from 2.0.0.0/8 to any
block in log on ippp0 from 5.0.0.0/8 to any
block in log on ippp0 from 7.0.0.0/8 to any 
block in log on ippp0 from 10.0.0.0/8 to any
block in log on ippp0 from 23.0.0.0/8 to any
block in log on ippp0 from 27.0.0.0/8 to any
block in log on ippp0 from 31.0.0.0/8 to any
block in log on ippp0 from 37.0.0.0/8 to any
block in log on ippp0 from 39.0.0.0/8 to any
block in log on ippp0 from 41.0.0.0/8 to any
block in log on ippp0 from 42.0.0.0/8 to any
block in log on ippp0 from 58.0.0.0/7 to any
block in log on ippp0 from 60.0.0.0/8 to any
block in log on ippp0 from 65.0.0.0/8 to any
block in log on ippp0 from 66.0.0.0/8 to any
block in log on ippp0 from 67.0.0.0/8 to any
block in log on ippp0 from 68.0.0.0/8 to any
block in log on ippp0 from 69.0.0.0/8 to any
block in log on ippp0 from 70.0.0.0/8 to any
block in log on ippp0 from 71.0.0.0/8 to any
block in log on ippp0 from 72.0.0.0/8 to any
block in log on ippp0 from 72.0.0.0/5 to any
block in log on ippp0 from 73.0.0.0/8 to any
block in log on ippp0 from 74.0.0.0/8 to any
block in log on ippp0 from 75.0.0.0/8 to any
block in log on ippp0 from 76.0.0.0/8 to any
block in log on ippp0 from 77.0.0.0/8 to any
block in log on ippp0 from 78.0.0.0/8 to any
block in log on ippp0 from 79.0.0.0/8 to any
block in log on ippp0 from 80.0.0.0/4 to any
block in log on ippp0 from 82.0.0.0/7 to any
block in log on ippp0 from 84.0.0.0/6 to any
block in log on ippp0 from 88.0.0.0/5 to any
block in log on ippp0 from 96.0.0.0/4 to any
block in log on ippp0 from 112.0.0.0/8 to any
block in log on ippp0 from 113.0.0.0/8 to any
block in log on ippp0 from 114.0.0.0/8 to any
block in log on ippp0 from 115.0.0.0/8 to any
block in log on ippp0 from 116.0.0.0/8 to any
block in log on ippp0 from 117.0.0.0/8 to any
block in log on ippp0 from 118.0.0.0/8 to any
block in log on ippp0 from 119.0.0.0/8 to any
block in log on ippp0 from 120.0.0.0/8 to any
block in log on ippp0 from 121.0.0.0/8 to any
block in log on ippp0 from 122.0.0.0/8 to any
block in log on ippp0 from 123.0.0.0/8 to any
block in log on ippp0 from 124.0.0.0/8 to any
block in log on ippp0 from 125.0.0.0/8 to any
block in log on ippp0 from 126.0.0.0/8 to any
block in log on ippp0 from 217.0.0.0/8 to any
block in log on ippp0 from 218.0.0.0/8 to any
block in quick on ippp0 from 219.0.0.0/8 to any
#block in proto tcp from any to any port =  111
pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 0
pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 11
block in log quick on ippp0 proto icmp from any to any
pass in all
#block out quick on ippp0 from 192.168.1.0/24 to any
#block out quick on ippp0 from 192.168.1.0/24 to 0.0.0.0/7
#block out quick on ippp0 from 192.168.1.0/24 to 2.0.0.0/8
#pass out all 

Richard
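The ruleset in the post relies on a property of IPFilter that is easy to miss: rules are scanned top to bottom and the last matching rule decides, unless a matching rule carries `quick`, which ends the scan immediately. The long list of non-quick `block in log on ippp0 from ... to any` lines is therefore followed by `pass in all`, which matches the same packets and wins. The script below is an added example, not code from the post or from NetBSD or IPFilter; it parses only the `action dir [log] [quick] [on IF] [proto P] (all | from A to B)` subset of ipf.conf syntax (no ports, flags, `icmp-type` or `return-*` keywords), assumes IPF's default of passing a packet that matches no rule, and uses a constructed sample ruleset modelled on the one above. The names `load_rules`, `evaluate`, `covers`, `audit` and `harden` are mine.

```python
"""Audit a subset of IPFilter (ipf.conf) rules for ordering mistakes.
IPF scans rules top to bottom; the LAST match decides unless a matching rule
says `quick`, so a trailing `pass in all` overrides every non-quick `block`."""
import ipaddress
from collections import namedtuple
from typing import List, Optional, Tuple

Net = Optional[ipaddress.IPv4Network]  # None stands for "any"
Rule = namedtuple("Rule", "action direction quick iface proto src dst text")
Packet = namedtuple("Packet", "direction iface proto src dst")  # src/dst dotted strings

def _net(token: str) -> Net:
    return None if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_rule(line: str) -> Rule:
    """Parse: action dir [log] [quick] [on IF] [proto P] (all | from A to B)."""
    toks = line.split()
    fields = {"quick": False, "iface": None, "proto": None, "src": None, "dst": None}
    key = {"on": "iface", "proto": "proto", "from": "src", "to": "dst"}
    i = 2
    while i < len(toks):
        tok = toks[i]
        if tok in ("log", "all", "quick"):
            fields["quick"] |= tok == "quick"
            i += 1
        elif tok in key:
            val = toks[i + 1]
            fields[key[tok]] = _net(val) if tok in ("from", "to") else val
            i += 2
        else:  # ports, flags, icmp-type, return-* are outside this subset
            raise ValueError(f"unsupported token {tok!r} in rule: {line}")
    return Rule(toks[0], toks[1], text=line, **fields)

def load_rules(text: str) -> List[Rule]:
    lines = [ln.strip() for ln in text.splitlines()]
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]

def matches(rule: Rule, pkt: Packet) -> bool:
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return (rule.direction == pkt.direction
            and rule.iface in (None, pkt.iface)
            and rule.proto in (None, pkt.proto)
            and (rule.src is None or src in rule.src)
            and (rule.dst is None or dst in rule.dst))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (action, deciding rule text) under IPF last-match / quick semantics."""
    decision = ("pass", None)  # IPF's default when no rule matches
    for rule in rules:
        if matches(rule, pkt):
            decision = (rule.action, rule.text)
            if rule.quick:
                break
    return decision

def covers(general: Rule, specific: Rule) -> bool:
    """True if every packet matched by `specific` is also matched by `general`."""
    def net_covers(g: Net, s: Net) -> bool:
        return g is None or (s is not None and s.subnet_of(g))
    return (general.direction == specific.direction
            and general.iface in (None, specific.iface)
            and general.proto in (None, specific.proto)
            and net_covers(general.src, specific.src)
            and net_covers(general.dst, specific.dst))

def audit(rules: List[Rule]) -> List[str]:
    """Flag /0 networks and non-quick rules whose decision can never stand."""
    findings = []
    for i, rule in enumerate(rules, start=1):
        for side, net in (("from", rule.src), ("to", rule.dst)):
            if net is not None and net.prefixlen == 0:
                findings.append(f"rule {i}: '{side} {net}' matches every address")
        if rule.quick:
            continue  # a quick match ends the scan, so this rule's decision stands
        for j in range(i, len(rules)):  # rules[i:] are the rules after rule i
            if covers(rules[j], rule):
                kind = "overridden" if rules[j].action != rule.action else "made redundant"
                findings.append(f"rule {i} is {kind} by rule {j + 1}: {rule.text!r}")
                break
    return findings

def harden(rules: List[Rule]) -> List[Rule]:
    """Make every block rule `quick` so a later, broader pass cannot override it."""
    return [r._replace(quick=True) if r.action == "block" else r for r in rules]

# Constructed sample modelled on the post's ruleset, including a /0 mask of the
# kind a stray typo in a bogon list produces; not the poster's actual file.
RULESET = """
pass out quick on lo0
pass in quick on lo0
block in quick on ippp0 from 0.0.0.0/7 to any
block in log on ippp0 from 10.0.0.0/8 to any
block in log on ippp0 from 70.0.0.0/0 to any
block in log on ippp0 from 72.0.0.0/8 to any
block in log on ippp0 from 72.0.0.0/5 to any
pass in all
"""

if __name__ == "__main__":
    rules = load_rules(RULESET)
    print("\n".join(audit(rules)))
    pkt = Packet("in", "ippp0", "tcp", "10.1.2.3", "192.168.1.5")
    print(evaluate(rules, pkt))          # ('pass', 'pass in all'): the block was overridden
    print(evaluate(harden(rules), pkt))  # the same packet is now blocked by the 10/8 rule
```

Running it shows the two things worth checking in a ruleset like the one above before trusting it: `audit` reports every non-quick `block` that a later `pass in all` overrides (and the narrower networks that a broader one such as `72.0.0.0/5` already covers), and `evaluate` confirms that a packet from 10.0.0.0/8 is passed by the original order but blocked once the block rules are `quick`. `ipfstat -nio` on the box shows the rules as IPF actually loaded them and is the place to confirm the real file.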