Question w/ IPFW - rulesets...

hi,

I just recompiled my server I have at NAC and added ipfirewall support. The recompile went fine and the machine is back up and working perfectly (first time recompiling a kernel, so it makes me happy).

To not lock myself out of my box, I added the "IPFIREWALL_DEFAULT_TO_ACCEPT" option.

I have a question now on how to go about configuring it. I'd like to add ssh, ftp, pop, smtp, httpd, etc. Right now `ipfw list` brings up:

server# ipfw list
65535 allow ip from any to any

Now could someone tell me how to go about 1) adding the ports above, and then 2) setting it so it denies all ports except for the ones I listed (like ssh)? I believe the command is this:

ipfw add 01000 allow tcp from any to any :port:

So I added a few ports to try it out, and this is what it looks like now:

server# ipfw list
01000 allow tcp from any to any 22
01001 allow tcp from any to any 80
01002 allow tcp from any to any 21
65535 allow ip from any to any

Is this correct? If so, what would I do to the last 65535 line to deny it from all and just keep open the ones listed above it? From what I understand, since it's the last #, it has the final say, so if I changed it to deny from all, the commands above it would be useless and lock me out, so I come here for help.

Please help.

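The poster's worry is about how ipfw decides which rule wins when rule 65535 becomes a deny. The following is an added example, not code from the post or from ipfw itself: a small first-match simulator that parses rules in the shape `ipfw list` prints and evaluates a packet against them in ascending rule-number order, which is how ipfw processes a ruleset. The ruleset text, the `Rule`/`Packet` types and the `decide()` helper are all constructed for this illustration; only the any-to-any form with an optional destination port from the post is modelled, and direction (`in`/`out`), `established` and stateful options are left out.

```python
# Added example: first-match evaluation of an ipfw-style ruleset.
# This is a model of the ordering semantics, not ipfw itself.
# Rules are tried from the lowest number upward; the first match
# decides, so the final rule only sees packets nothing above it matched.

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any protocol)
    dst_port: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def parse_rule(line: str) -> Rule:
    """Parse one line in the shape printed by `ipfw list`, e.g.
    '01000 allow tcp from any to any 22'. Only the subset used in the
    question (any -> any, optional destination port) is supported."""
    parts = line.split()
    if len(parts) < 7 or parts[3:5] != ["from", "any"] or parts[5:7] != ["to", "any"]:
        raise ValueError(f"unsupported rule form: {line!r}")
    number, action, proto = int(parts[0]), parts[1], parts[2]
    port = int(parts[7]) if len(parts) > 7 else None
    return Rule(number, action, proto, port)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when its protocol and (if given) destination port agree."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(ruleset: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """Return (rule number, action) of the first matching rule in number order."""
    for rule in sorted(ruleset, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.number, rule.action
    raise RuntimeError("no rule matched; a real ipfw ruleset always ends in 65535")


# Constructed ruleset: the poster's three allows with a deny-all at the end.
RULESET_TEXT = """\
01000 allow tcp from any to any 22
01001 allow tcp from any to any 80
01002 allow tcp from any to any 21
65535 deny ip from any to any
"""

RULESET = [parse_rule(line) for line in RULESET_TEXT.splitlines() if line.strip()]


def decide(proto: str, dst_port: int) -> Tuple[int, str]:
    """Evaluate a packet with the given protocol and destination port."""
    return evaluate(RULESET, Packet(proto, dst_port))


if __name__ == "__main__":
    for proto, port in [("tcp", 22), ("tcp", 80), ("tcp", 25), ("udp", 53)]:
        number, action = decide(proto, port)
        print(f"{proto}/{port}: rule {number:05d} -> {action}")
```

Running it shows that a TCP packet to port 22 is decided by rule 01000 (allow) and never reaches the deny, while a packet to port 25 or any UDP packet falls through to the final deny. Two practical points follow from this model: the listed allows are only for traffic arriving at those destination ports, so a real deny-all default also needs rules for replies to the box's own outbound connections (ipfw's `established` keyword or `keep-state`/`check-state` cover that); and rule 65535 itself is the kernel default and cannot be edited, so the usual way to get a deny-all default is to add an explicit `deny ip from any to any` at a number just below it, after the allows are in place and tested from a session that cannot be cut off.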