|
|
|
# I have edited this file to simplify it.
# This setup lets you use the natd(8) daemon so that several machines
# can share one public IP address almost transparently (NAT gateway).
# Note: the number after "add" on each rule line is the rule number; it lets you
# remove a rule later with:  /sbin/ipfw delete <number>   (where <number> is the
# rule number).  Several rules may share one number (see the 1500 series below);
# "delete 1500" then removes all of them at once.
# also if you edit then execute this script you
# can reset the firewall to the values in here.
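# ---------------------------------------------------------------------------
# Site configuration -- edit these instead of the rule lines below.
# Each value can also be overridden from the environment; IPFW=echo gives a
# dry run that prints the rules instead of loading them.
# ---------------------------------------------------------------------------
IPFW=${IPFW:-/sbin/ipfw}
OUTSIDE_IF=${OUTSIDE_IF:-ed0}     # interface facing the Internet
NATD_PORT=${NATD_PORT:-8668}      # divert port natd listens on (natd -p; 8668 is its default)

# Run one ipfw command.  ipfw does not abort the script when a rule is
# rejected, so a rule that fails to parse is reported loudly on stderr rather
# than being silently skipped and leaving that port open under rule 65000.
fw() {
  "$IPFW" "$@" || printf 'ipfw command failed (exit %s): %s\n' "$?" "$*" >&2
}

# Install the complete ruleset.  Re-running this script (for instance after
# editing it) resets the firewall to exactly what is listed here.
load_rules() {
  # Clear all existing rules (-f: do not ask for confirmation).
  fw -f flush

  # Loopback traffic.  Restricted to lo0 so that a packet arriving on the
  # outside interface with a spoofed 127.0.0.1 source/destination does not
  # match this pass rule; anything else addressed to/from loopback is dropped.
  fw add 1000 pass all from 127.0.0.1 to 127.0.0.1 via lo0
  fw add 1010 deny ip from any to 127.0.0.0/8
  fw add 1020 deny ip from 127.0.0.0/8 to any

  # One host is blocked entirely.
  fw add 1005 deny ip from 150.156.212.97 to any

  # Block telnet (23) and ftp (21 control, 20 data) from a couple of subnets.
  # These are TCP services, so the rules match "tcp": ipfw only accepts a
  # port specification with tcp or udp, so the previous "deny ip ... 23"
  # form would be rejected at load time and the port would stay open.
  # All six rules share number 1500 so "ipfw delete 1500" removes the set.
  for src in 149.15.0.0/16 205.232.0.0/16; do
    for port in 23 21 20; do
      fw add 1500 deny tcp from "$src" to any "$port"
    done
  done

  # Divert outgoing and incoming packets on the outside interface through
  # natd.  "via" matches both directions, which NAT needs.
  fw add 2000 divert "$NATD_PORT" all from any to any via "$OUTSIDE_IF"

  # Default allow.  The divert rule above already matches everything on the
  # outside interface, but if natd is killed the machine should keep working
  # rather than fall to the kernel's default rule.
  # NOTE: this makes the firewall allow-by-default; only the explicit deny
  # rules above restrict traffic, so every service listening on this host is
  # reachable from anywhere not listed there.
  fw add 65000 pass all from any to any
}

load_rules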