Francesco Scaglione

User Tools

Site Tools

Trace: htop kino koha mail mutt bash cpus ipfw
ipfw

This is an old revision of the document!

È uno dei firewall di cui è dotato FreeBSD, ed è subito disponibile nella base. Per una configurazione minima, sempre ottimo il sito nixCraft:

http://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/

e naturalmente la pagina del manuale e quella dell'Handbook. 

root@NUC:~ # cat /etc/ipfw.rules 
IPF="ipfw -q add"
ipfw -q -f flush
#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

###########################
### open port  ssh (33) ###
###########################

$IPF 165 allow tcp from any to any 33 in
$IPF 166 allow tcp from any to any 33 out

####################
### Transmission ###
####################

$IPF 250 allow all from any to any 51413 in
$IPF 251 allow all from any to any 51413 out

# Port web di Transmission per i PC nella LAN di casa
$IPF 300 allow all from 192.168.0.0/25 to any 9091 in
$IPF 301 allow all from 192.168.0.0/25 to any 9091 out

# Quello che segue mi sembra essere il nuovo (giugno 2016) IP fisso dell'Istituto
$IPF 320 allow tcp from 194.206.179.1 to any 9091 in
$IPF 321 allow tcp from 194.206.179.1 to any 9091 out

# Quello che segue mi sembra essere l'IP di Cuneo
$IPF 330 allow tcp from 151.32.69.218 to any 9091 in
$IPF 331 allow tcp from 151.32.69.218 to any 9091 out

###########
### WEB ###
###########

$IPF 400 allow tcp from any to any 80 in
$IPF 410 allow tcp from any to any 80 out

#############
### Samba ###
#############

$IPF 465 allow all from any to any 81 in
$IPF 466 allow all from any to any 81 out

$IPF 470 allow all from any to any 137 in
$IPF 471 allow all from any to any 137 out

$IPF 472 allow all from any to any 138 in
$IPF 473 allow all from any to any 138 out

$IPF 474 allow all from any to any 139 in
$IPF 475 allow all from any to any 139 out

$IPF 476 allow all from any to any 445 in
$IPF 477 allow all from any to any 445 out

####################
### Resilio Sync ###
####################

# Port web di Syn per la LAN di casa

$IPF 480 allow all from 192.168.0.0/25 to any 8888 in
$IPF 481 allow all from 192.168.0.0/25 to any 8888 out

# Dall'Istituto

$IPF 485 allow all from 81.80.151.159 to any 8888 in
$IPF 486 allow all from 81.80.151.159 to any 8888 out

# Apro il port di ascolto di Resilio Sync
$IPF 490 allow all from any to any 27698 in
$IPF 491 allow all from any to any 27698 out

# Questo serve per scoprire dei peer sulla LAN
$IPF 495 allow udp from any to any 3838 in
$IPF 496 allow udp from any to any 3838 out

# deny and log everything
$IPF 500 deny log all from any to any
ipfw.1549294022.txt.gz · Last modified: 2019/02/04 16:27 by francesco