Security Basics mailing list archives

Re: newbie firewall question

From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 11 Oct 2002 17:40:04 -0700

block in on rl0 all
pass  in on rl0 inet proto tcp from any to any port 22
pass  in on rl0 inet proto tcp from any to any port 80
pass  in on rl0 inet proto tcp from any to any port 443
pass out on rl0 all

   my office doesn't have Internet access...,
   What's wrong?, what can I read to learn this?

I don't know anything about BSD, but, most firewalls process the rules inorder and stop at the first match, in which case you need:

pass  in on rl0 inet proto tcp from any to any port 22
pass  in on rl0 inet proto tcp from any to any port 80
pass  in on rl0 inet proto tcp from any to any port 443
block in on rl0 all
pass out on rl0 all

This would allow tcp in on 22,80,443 blocking all other incoming and allowall outgoing.


Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."


_________________________________________________________________

MSN Photos is the easiest way to share and print your photos:http://photos.msn.com/support/worldwide.aspx

Current thread:

Re: newbie firewall question Eimantas V (Oct 15)
- <Possible follow-ups>
- Re: newbie firewall question Chris Berry (Oct 15)
- newbie firewall question admin-f (Oct 15)
- Re: newbie firewall question Joe Barrett (Oct 15)
- Re: newbie firewall question G . Camozzi (Oct 15)
- RE: newbie firewall question Chris Santerre (Oct 16)