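#!/bin/sh
#
# ipfw rule set for a FreeBSD host.
#
# ipfw evaluates rules in order and the first match wins, so the order of
# the `ipfw add` calls below is significant: state/established handling
# comes first, service-specific allows follow, NAT diversion is last before
# the final deny-all. Rules get automatic numbers except the loopback pass
# rule, which is pinned at 100.
#
# Site-specific values are collected here so the rules themselves stay
# generic; edit these variables rather than the rules.

# Trusted source addresses/networks (loaded into ipfw table 1). They are the
# only sources allowed to reach administrative and internal services.
# Whitespace-separated list of addresses or CIDR prefixes.
trusted_hosts="93.73.211.17 88.208.49.0/24 88.208.0.208"
# ipfw address syntax for "any address in table 1"; quoted so the shell
# never tries to treat the parentheses as syntax.
trusted="table(1)"

# External (NAT) interface, its public address, and the private LAN behind it.
ext_if="xn0"
ext_ip="192.243.48.174"
lan_net="192.168.0.0/24"

# VPN tunnel interface; traffic on it is passed unconditionally.
vpn_if="tun0"

# Start from an empty rule set. -f suppresses the interactive confirmation
# prompt, which would otherwise hang a non-interactive (boot-time) run.
ipfw -f flush

# Loopback: pass everything on lo0, and drop packets carrying a loopback
# address on any other interface (anti-spoofing).
ipfw add 100 pass all from any to any via lo0
ipfw add deny all from 127.0.0.1 to any
ipfw add deny all from any to 127.0.0.1

### Trusted-hosts table ###
ipfw table 1 flush
# shellcheck disable=SC2086 -- word-splitting of the list is intentional
for addr in $trusted_hosts; do
  ipfw table 1 add "$addr"
done

## Packets of already established TCP connections ##
ipfw add allow tcp from any to any established

## Trusted hosts may open TCP connections to any unprivileged port on me ##
# NOTE(review): this is a broad grant (1024-65535); narrow it if the trusted
# hosts do not actually need the whole range.
ipfw add allow tcp from "$trusted" to me dst-port 1024-65535 setup keep-state

## OpenVPN ##
# Everything on the tunnel interface is trusted; the UDP control port 1194
# is reachable from trusted hosts only, and the daemon may answer from it.
ipfw add allow all from any to any via "$vpn_if"
ipfw add allow udp from "$trusted" to me 1194
ipfw add allow udp from me 1194 to any

## NFS-related ports (1007, 111, 2049) from trusted hosts ##
ipfw add allow all from "$trusted" to me dst-port 1007,111,2049 setup keep-state

## IP fragments ##
ipfw add allow ip from any to any frag

## Outbound TCP connections initiated by this host ##
ipfw add allow tcp from me to any setup

## DNS served by this host (TCP and UDP 53) ##
ipfw add allow tcp from any to me dst-port 53 setup
ipfw add allow udp from any to me dst-port 53
ipfw add allow udp from me 53 to any

## Public services: http, https, apache_mon (82), ssh (222) ##
ipfw add allow tcp from any to me dst-port 80,443,82 setup
ipfw add allow tcp from any to me dst-port 222 setup
## Ports 20 and 21 from trusted hosts only ##
ipfw add allow tcp from "$trusted" to me dst-port 20 setup
ipfw add allow tcp from "$trusted" to me dst-port 21 setup

## Squid proxy (9080) and mpd5/PPTP (1723 + GRE) from trusted hosts ##
ipfw add allow tcp from "$trusted" to me dst-port 9080 setup keep-state
ipfw add allow tcp from "$trusted" to me dst-port 1723 setup keep-state
ipfw add allow gre from "$trusted" to me
ipfw add allow gre from me to "$trusted"

## ICMP: echo reply (0), echo request (8), time exceeded (11) ##
ipfw add allow icmp from any to any icmptypes 0,8,11

## mysql-server, memcached, redis from trusted hosts ##
ipfw add allow tcp from "$trusted" to me dst-port 3306,11211,6380,6379 setup

## DNS queries issued by this host ##
ipfw add allow udp from me to any dst-port 53 keep-state

## NAT (natd) for the private LAN on the external interface ##
# NOTE(review): these divert rules come after the allow rules above, so an
# inbound packet that already matched an earlier allow is never handed to
# natd. Confirm this ordering is what the LAN hosts need.
ipfw add divert natd all from "$lan_net" to any out via "$ext_if"
ipfw add divert natd all from any to "$ext_ip" in via "$ext_if"

## Default: deny everything not explicitly allowed above ##
# If an earlier `ipfw add` fails, this rule is still reached because the
# script does not abort on errors; the rule set then has a gap rather than
# an open policy.
ipfw add deny ip from any to any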
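# Enabling the rule set at boot.
#
# The lines below belong in /etc/rc.conf, not in this script: invoking an
# interactive editor (e.g. `vim /etc/rc.conf`) from a non-interactive
# firewall script would block waiting for a terminal, and the rc.conf
# assignments have no effect when executed here. Save this file as
# /etc/firewall.rules and add to /etc/rc.conf:
#
#   # Firewall #
#   firewall_enable="YES"
#   firewall_script="/etc/firewall.rules"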