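#!/bin/bash
##########################################################################
# IPFWADM VERSION
# This sample configuration is for a single host firewall configuration
# with no services supported by the firewall machine itself.
#
# Usage: run as root; the script rebuilds the ipfwadm Incoming table from
# scratch using the values in the USER CONFIGURABLE SECTION below.
##########################################################################
# USER CONFIGURABLE SECTION

# The name and location of the ipfwadm utility. Use ipfwadm-wrapper for
# 2.2.* kernels.
IPFWADM=ipfwadm

# The path to the ipfwadm executable.
# NOTE: this replaces the inherited PATH, so only /sbin is searched from
# here on; keep IPFWADM a bare name or an absolute path.
PATH="/sbin"

# Our internal network address space and its supporting network device.
OURNET="172.29.16.0/24"
OURBCAST="172.29.16.255"
OURDEV="eth0"

# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="eth1"

# The TCP services we wish to allow to pass - "" empty means all ports
# note: space separated
TCPIN="smtp www"
TCPOUT="smtp www ftp ftp-data irc"

# The UDP services we wish to allow to pass - "" empty means all ports
# note: space separated
UDPIN="domain"
UDPOUT="domain"

# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: space separated
ICMPIN="0 3 11"
ICMPOUT="8 3 11"

# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1

# END USER CONFIGURABLE SECTION
###########################################################################

# NOTE(review): no exit-status checking follows; a failing ipfwadm call
# leaves the table only partially rebuilt. Consider checking each
# invocation's return code if that matters for this host.

# Flush the Incoming table rules
"$IPFWADM" -I -f

# We want to deny incoming access by default.
# The default policy is set before any per-service rules are added.
"$IPFWADM" -I -p deny

# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
"$IPFWADM" -I -a deny -S "$OURNET" -W "$ANYDEV"

# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
"$IPFWADM" -I -a deny -P icmp -W "$ANYDEV" -D "$OURBCAST"

# TCP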