Hello Ipfilter gurus!
I know this request is pretty lame (I gotta read those RTFM, man pages,
etc., etc.), but I want to convert my firewall settings (as I'm moving to
SPARC, Sol 8, ipfilter ...). I've been using ipchains for a couple of
years; now it's time to upgrade ... what do you think?
My current ipchains rules are close to these rules ... I want to
change this over to ipfilter ... can anyone help me out, please?
# my Interface to Internet, using dynamic ip
EXTIF=ppp0
ANY=0.0.0.0/0
# assigning and flushing my old rules
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -F output
# Deny TCP and UDP packets to privileged ports
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY
# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -p tcp -y -j DENY
# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY
# Do masquerading to these ip's
ipchains -A forward -i $EXTIF -s 192.168.x.11 -j MASQ
ipchains -A forward -i $EXTIF -s 192.168.x.12 -j MASQ
ipchains -A forward -i $EXTIF -s 192.168.x.10 -j MASQ
ipchains -A forward -i $EXTIF -s 192.168.x.15 -j MASQ
# packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Thanks in advance!
cheers
raqueeb hasssan
bangladesh
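
An added example, not part of the original post: one possible ipfilter translation of the ipchains rules above, split into the filter rules (ipf.conf) and the masquerading rules (ipnat.conf). It assumes the external interface is still named ppp0 and that the internal hosts sit inside 192.168.0.0/16; the `x` in the addresses is kept as posted and must be filled in.

```conf
# ===== ipf.conf: filter rules (added example, not from the original post) =====
# Assumption: the external interface is still called ppp0. On Solaris the PPP
# interface name will differ; substitute the one shown by `ifconfig -a`.
# ipchains stops at the first match; ipf uses the LAST matching rule unless
# the rule carries "quick".

# ipchains -P input ACCEPT / -P output ACCEPT
pass in all
pass out all

# Deny (and log, like -l) TCP and UDP packets to privileged ports
block in log quick on ppp0 proto tcp/udp from any to any port < 1024

# Deny TCP connection attempts (flags S/SA is the usual ipf idiom for -y)
block in log quick on ppp0 proto tcp from any to any flags S/SA

# Deny ICMP echo-requests
block in log quick on ppp0 proto icmp from any to any icmp-type echo

# ipchains -P forward DENY: ipf has no forward chain, and outbound packets are
# filtered before NAT, so pass only the masqueraded hosts and block every
# other private source address from leaving on the external interface.
# Assumption: the internal network lies within 192.168.0.0/16.
pass out quick on ppp0 from 192.168.x.11/32 to any
pass out quick on ppp0 from 192.168.x.12/32 to any
pass out quick on ppp0 from 192.168.x.10/32 to any
pass out quick on ppp0 from 192.168.x.15/32 to any
block out log quick on ppp0 from 192.168.0.0/16 to any

# ===== ipnat.conf: replaces the "-j MASQ" rules =====
# "0/32" means "whatever address ppp0 currently has", which suits a dynamic IP.
# The portmap rule handles TCP/UDP; the plain rule covers other protocols.
map ppp0 192.168.x.11/32 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.x.11/32 -> 0/32
map ppp0 192.168.x.12/32 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.x.12/32 -> 0/32
map ppp0 192.168.x.10/32 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.x.10/32 -> 0/32
map ppp0 192.168.x.15/32 -> 0/32 portmap tcp/udp 10000:20000
map ppp0 192.168.x.15/32 -> 0/32

# ===== loading the rules and enabling forwarding on Solaris =====
# ipf -Fa -f ipf.conf                  (flush all filter rules, then load)
# ipnat -CF -f ipnat.conf              (clear NAT rules and entries, then load)
# ndd -set /dev/ip ip_forwarding 1     (instead of /proc/sys/net/ipv4/ip_forward)
```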