The FreeBSD Diary

FreeBSD Support
Blocking port or address?
Author: anonymous 
Date:   21-12-02 02:24

Can somebody help me check out my firewall script? Is it OK?

This is my firewall script (rl0 is the interface to the outside and rl1 is the interface to the inside network).

rc.firewall
/sbin/ipfw -f flush
/sbin/ipfw add 500 divert natd all from any to any via rl0
/sbin/ipfw add 600 pass all from any to any
/sbin/ipfw add 700 allow tcp from any to any established

#MORPHEUS: 206.142.53.0/24
#NAPSTER: 208.195.149.0/24 , 64.124.41.0/24, 208.184.216.223/24
#WINMX: 209.61.186.0/24 , 64.49.201.0/24
#AUDIO GALAXY:64.245.58.0/23
#NAPIGATOR:209.25.178.0/24
#AIMSTER: 205.188.0.0/16 TCP 53
#IMESH: 216.35.208.0/24, 212.35.208.0/24

#Morpheus
/sbin/ipfw add 800 drop log all from 192.168.1.0/24 to 206.142.53.0/24 via rl0
/sbin/ipfw add 805 drop log all from 206.142.53.0.0/24 to 192.168.1.0/24 via rl0

#Napster
/sbin/ipfw add 810 drop log all from 192.168.1.0/24 to 208.195.149.0/24 via rl0
/sbin/ipfw add 815 drop log all from 202.195.149.0/24 to 192.168.1.0/24 via rl0
/sbin/ipfw add 820 drop log all from 192.168.1.0/24 to 64.124.41.0/24 via rl0
/sbin/ipfw add 825 drop log all from 64.124.41.0/24 to 192.168.1.0/24 via rl0
/sbin/ipfw add 830 drop log all from 192.168.1.0/24 to 208.184.216.223/24 via rl0
/sbin/ipfw add 835 drop log all from 208.184.216.223/24 to 192.168.1.0/24 via rl0

#WinMX
/sbin/ipfw add 840 drop log all from 192.168.1.0/24 to 209.61.186.0/24 via rl0
/sbin/ipfw add 845 drop log all from 209.61.186.0/24 to 192.168.1.0/24 via rl0
/sbin/ipfw add 950 drop log all from 192.168.1.0/24 to 64.49.201.0/24 via rl0
/sbin/ipfw add 955 drop log all from 64.49.201.0/24 to 192.168.1.0/24 via rl0

#AudioGalaxy
/sbin/ipfw add 960 drop log all from 192.168.1.0/24 to 64.245.58.0/23 via rl0
/sbin/ipfw add 965 drop log all from 64.245.58.0/23 to 192.168.1.0/24 via rl0

#Napigator
/sbin/ipfw add 970 drop log all from 192.168.1.0/24 to 209.25.178.0/24 via rl0
/sbin/ipfw add 975 drop log all from 209.25.178.0/24 to 192.168.1.0/24 via rl0

#Aimster
/sbin/ipfw add 980 drop log all from 192.168.1.0/24 to 205.188.0.0/16 via rl0
/sbin/ipfw add 985 drop log all from 205.188.0.0/16 to 192.168.1.0/24 via rl0

#Imesh
/sbin/ipfw add 990 drop log all from 192.168.1.0/24 to 216.35.208.0/24 via rl0
/sbin/ipfw add 995 drop log all from 216.35.208.0/24 to 192.168.1.0/24 via rl0
/sbin/ipfw add 1000 drop log all from 192.168.1.0/24 to 212.35.208.0/2 via rl0
/sbin/ipfw add 1005 drop log all from 212.35.208.0/24 to 192.168.1.0/24 via rl0


#Port Kazzaa
/sbin/ipfw add 2000 drop log tcp from 192.168.1.0/24 to any 1214 via rl0
/sbin/ipfw add 2010 drop log tcp from any 1214 to 192.168.1.0/24 via rl0

#Port AudioGalaxy
/sbin/ipfw add 2020 drop log tcp from 192.168.1.0/24 to any 41000-41999 via rl0
/sbin/ipfw add 2030 drop log tcp from any 41000-41999 to 192.168.1.0/24 via rl0

#Port Bearshare/Gnutella
/sbin/ipfw add 2040 drop log tcp from 192.168.1.0/24 to any 6346 via rl0
/sbin/ipfw add 2050 drop log tcp from any 6346 to 192.168.1.0/24 via rl0

#==== end =====


Can this firewall stop the use of some P2P applications such as iMesh, Kazaa, AudioGalaxy, etc.?

Reply To This Message
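An added example, not part of the original post: a small Python model of ipfw's first-match rule evaluation, run over a subset of the posted rules copied as posted, together with a check of the address fields. Assumptions: `divert` is treated as pass-through, natd's address rewriting, `via` and `log` are not modelled, and the sample packets are constructed.

```python
import ipaddress
import re

# Subset of the posted rc.firewall, copied as posted (typos included).
POSTED = """\
add 500 divert natd all from any to any via rl0
add 600 pass all from any to any
add 805 drop log all from 206.142.53.0.0/24 to 192.168.1.0/24 via rl0
add 830 drop log all from 192.168.1.0/24 to 208.184.216.223/24 via rl0
add 1000 drop log all from 192.168.1.0/24 to 212.35.208.0/2 via rl0
add 2000 drop log tcp from 192.168.1.0/24 to any 1214 via rl0
"""
PORT = r"(?: (\d+(?:-\d+)?))?"
RULE = re.compile(r"add (\d+) (\S+)(?: natd)?(?: log)? (\S+) from (\S+)" + PORT + r" to (\S+)" + PORT)
KEYS = ("num", "action", "proto", "src", "sport", "dst", "dport")

def parse(text):
    rules = [dict(zip(KEYS, RULE.match(line).groups())) for line in text.splitlines()]
    for r in rules:
        r["num"] = int(r["num"])
    return sorted(rules, key=lambda r: r["num"])  # rules are evaluated in number order

def net(spec):
    try:
        return ipaddress.ip_network(spec, strict=False)  # mask off host bits
    except ValueError:
        return None  # not a parseable address/prefix

def lint(rules):
    """List (rule, address, problem) for malformed or non-network-aligned addresses."""
    specs = [(r["num"], s) for r in rules for s in (r["src"], r["dst"]) if s != "any"]
    return [(n, s, "malformed" if net(s) is None else "masks to %s" % net(s))
            for n, s in specs if net(s) is None or str(net(s)) != s]

def addr_ok(spec, ip):
    return spec == "any" or (net(spec) is not None and ipaddress.ip_address(ip) in net(spec))

def port_ok(spec, port):
    lo, _, hi = (spec or "0-65535").partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, pkt):
    """Return (number, action) of the first terminating rule the packet hits."""
    for r in rules:
        if r["action"] != "divert" and r["proto"] in ("all", pkt["proto"]) \
                and addr_ok(r["src"], pkt["src"]) and port_ok(r["sport"], pkt["sport"]) \
                and addr_ok(r["dst"], pkt["dst"]) and port_ok(r["dport"], pkt["dport"]):
            return r["num"], r["action"]
    return None

RULES = parse(POSTED)
NO_600 = [r for r in RULES if r["num"] != 600]  # same rules without the blanket pass
KAZAA = dict(proto="tcp", src="192.168.1.10", sport=40000, dst="100.64.0.9", dport=1214)  # constructed
WEB = dict(proto="tcp", src="192.168.1.10", sport=40001, dst="198.51.100.7", dport=443)   # constructed
```

In this model `first_match(RULES, KAZAA)` stops at rule 600, so none of the higher-numbered drop rules is reached; with rule 600 taken out, the `/2` prefix in rule 1000 matches the unrelated `WEB` packet, and `lint(RULES)` reports the three address fields that do not parse or do not sit on a network boundary.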