Subject: Re: ipf.conf rulesets for outside firewall.
To: Alicia da Conceicao <alicia@cyberstation.ca>
From: Rene Hexel <rh@idle.trapdoor.vip.at>
List: port-i386
Date: 01/06/2000 14:03:30
Alicia da Conceicao wrote:

> Any ideas on what rulesets I need for ipf.conf to do this.

  Basically, what you do is block everything and then let through the
services you want (the following example uses groups to make things more
readable):

block in log on fxp1 all head 100
block in log proto tcp all flags S/SA head 101 group 100
block in log proto udp all head 102 group 100
pass in quick proto tcp from any to any port = 22 keep state group 101
pass in quick proto udp from any to any port = 22 keep state group 102
pass in quick proto udp from any to any port = 53 keep state group 102
...

  Cheers
      ,
   Rene
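
The following is an added example, not part of the original message: a simplified Python model of how ipf walks the posted head/group rules, run over constructed packets. It assumes inbound traffic only, state keyed on the 5-tuple, and a default verdict of "pass" (an ipf built without IPFILTER_DEFAULT_BLOCK); the helper names, the fxp0 interface and the addresses are hypothetical.

```python
# Simplified model of ipf's evaluation of the grouped rules above (added example).
# Assumptions: inbound packets only, state keyed on the 5-tuple, and the
# default verdict is "pass" (ipf built without IPFILTER_DEFAULT_BLOCK).
RULES = [  # (action, quick, keep_state, match, head, group), in posted order
    ("block", False, False, {"iface": "fxp1"}, 100, 0),
    ("block", False, False, {"proto": "tcp", "syn": True}, 101, 100),
    ("block", False, False, {"proto": "udp"}, 102, 100),
    ("pass", True, True, {"proto": "tcp", "dport": 22}, None, 101),
    ("pass", True, True, {"proto": "udp", "dport": 22}, None, 102),
    ("pass", True, True, {"proto": "udp", "dport": 53}, None, 102),
]

def key(pkt):
    return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

def matches(m, pkt):
    # "flags S/SA": SYN set and ACK clear, other TCP flags ignored
    if m.get("syn") and not ("S" in pkt["flags"] and "A" not in pkt["flags"]):
        return False
    return all(pkt[k] == v for k, v in m.items() if k != "syn")

def run_group(pkt, group, verdict, states):
    """Walk one group; return (verdict, stopped_by_quick)."""
    for action, quick, keep, m, head, grp in RULES:
        if grp != group or not matches(m, pkt):
            continue
        verdict = action                      # last match wins...
        if keep:
            states.add(key(pkt))              # "keep state" records the flow
        if head is not None:                  # descend into the rule's group
            verdict, done = run_group(pkt, head, verdict, states)
            if done:
                return verdict, True
        if quick:                             # ...unless a quick rule matched
            return verdict, True
    return verdict, False

def filter_in(pkt, states):
    if key(pkt) in states:                    # state table is checked first
        return "pass"
    return run_group(pkt, 0, "pass", states)[0]

def pkt(iface, proto, dport, flags=""):       # constructed sample packet
    return {"iface": iface, "proto": proto, "dport": dport, "flags": flags,
            "src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.1"}
```

In this model a packet arriving on any interface other than fxp1 matches no rule and gets the default verdict, so the ruleset only protects fxp1 unless the kernel default is block.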