:wq - blog » firewall
http://writequit.org/blog
Tu fui, ego eris
Mon, 22 Dec 2014 14:54:59 +0000

A good set of baseline ipfw firewall rules for Mac OSX
http://writequit.org/blog/2007/11/16/a-good-set-of-baseline-ipfw-firewall-rules-for-mac-osx/
Fri, 16 Nov 2007 18:24:45 +0000

I want to point out the excellent baseline firewall rules posted by rmogull over on his blog. Check them out if you’re looking for a starting point for ipfw rules on OSX. Thanks rmogull!

Solaris firewall configuration
http://writequit.org/blog/2007/05/17/solaris-firewall-configuration/
Thu, 17 May 2007 21:29:58 +0000

#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
# Block evil packets
block in log quick all with short

# Allow everything from our DNS servers in
pass in quick from 128.222.228.235/32 to any keep state
pass in quick from 128.222.228.236/32 to any keep state
pass in quick from 128.222.12.10/32 to any keep state
pass in quick from 10.5.140.176/32 to any keep state

# Let our iscsi traffic in
pass in quick from any to any port = 3260 keep state
pass in quick from 10.5.140.151/32 to any keep state

# Allow SSH access in
pass in quick proto tcp from any to any port = 22 keep state

# Allow and log icmp packets
pass in log quick proto icmp all keep state

# Allow access to the rest of the world
pass out quick from any to any keep state

# Explicitly block telnet and everything else
block in quick proto tcp from any to any port = 23
block in quick from any to any

Yep, pretty basic. I have to say, I think I might actually like ipfilter better than iptables. Maybe that’s only because I’ve only done basic stuff with it so far.

Linux firewall configuration
http://writequit.org/blog/2007/05/17/linux-firewall-configuration/
Thu, 17 May 2007 20:59:25 +0000

Basic iptables firewall conf only letting ssh and DNS through:

# Generated by iptables-save v1.2.11 on Thu May 17 14:52:04 2007
*filter
:INPUT DROP [13164:946396]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 128.222.228.235 -p tcp -j ACCEPT
-A INPUT -s 128.222.228.235 -p udp -j ACCEPT
-A INPUT -s 128.222.228.236 -p tcp -j ACCEPT
-A INPUT -s 128.222.228.236 -p udp -j ACCEPT
-A INPUT -s 128.222.12.10 -p tcp -j ACCEPT
-A INPUT -s 128.222.12.10 -p udp -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -j ACCEPT
-A OUTPUT -p udp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
COMMIT
# Completed on Thu May 17 14:52:04 2007

(128.222.228.235/236 and 128.221.12.10 are our DNS servers, I also accept pings too because I’m nice like that and people around here tend to freak out if they can’t ping their machine. I also let anything out, easy to comment out to deny outbound traffic.)
