Quote:
Originally Posted by gazman1
I have read the ipfw man page and find it difficult to understand, what I want to do is set up the firewall to allow ssh & ftp connections from only mypc123.com and mypc456.com and block and log everything else.
|
The basic ipfw addition command looks something like this:
Code:
ipfw [ rulenum ] add ( allow | deny ) proto from address [ port ] to address [ port ] [ options ]
You can also use the shortcut phrase "me" to refer to any IP address on a local interface, which makes for more readable rules. The options refers to various extraneous options, the most popular of which is keep-state. This means that when the rule is evaluated for a connection, that evaluation is kept in memory as long as that connection persists. It's a bit of an optimization, in other words. Here's a ruleset that I think should do what you want:
Code:
add allow all from any to any via lo0
add allow tcp from mypc123.com, mypc456.com to me 22 # SSH
add allow tcp from me 22 to mypc123.com, mypc456.com # SSH
add allow tcp from mypc123.com, mypc456.com to me 21 # FTP Control
add allow tcp from me 21 to mypc123.com, mypc456.com # FTP Control
add allow tcp from me 1024-65535 to mypc123.com, mypc456.com # Passive FTP Transfer
add deny log all from any to any
The basic ipfw delete command looks like:
Code:
ipfw rulenum delete
As a warning, there is one thing I'm uncertain about the above syntax. If you use a domain name instead of an IP address, you may need to have that domain name defined in /etc/hosts. Other than that, I'm pretty sure this will work as you requested.