ipfilter rule set

Post by Robert Recchi » Sun, 13 Oct 2002 10:40:06



The machine is not a server - I basically use it for studying and learning
Perl. The question I'm asking is that when I'm at work I get study time and I
log into my Ultra 5 at home through ssh and study. I would like to know if
these lines for ipfilter limit the ssh service to just 2 IP addresses: my XP
box at home and my work IP.

pass in log quick on hme0 proto tcp from (XP ip address) to (ultra 5 ip) port = (ssh port)
pass in log quick on hme0 proto tcp from (Work IP) to (ultra 5 ip) port = (ssh port)
block in all

Would this be sufficient security for that service? From what I read, if
any other packet comes in and it does match the first 2 rules then the
packet will be blocked. Am I reading this correctly?


ipfilter rule set

Post by Hannu Liljema » Sun, 13 Oct 2002 16:33:44



> I would like to know if these lines for ipfilter limit the ssh service
> to just 2 IP addresses: my XP box at home and my work IP.

> pass in log quick on hme0 proto tcp from (XP ip address) to (ultra 5 ip) port = (ssh port)
> pass in log quick on hme0 proto tcp from (Work IP) to (ultra 5 ip) port = (ssh port)
> block in all

> Would this be sufficient security for that service? From what I read, if
> any other packet comes in and it does match the first 2 rules then the
> packet will be blocked. Am I reading this correctly?

That looks correct.

ipfilter comes with simple-to-understand examples; you could also
take a look at those, along with the FAQ and other documentation, to help you
understand how it works. There are also some tutorials available via
Google, and the ipfilter mailing list sometimes has interesting discussions.


1. ipfilter rule set..?

Hello:

I am a newbie to ipfilter and want to use it to control access to
my machine in the office (a SunBlade running Solaris-8).

I have written the following ruleset for ipfilter (incoming traffic
only), and I want unrestricted traffic from my machine to the world. I
need help with this, as outgoing traffic is being blocked
(telnet/ftp/smtp etc.). Any pointers?

-ishwar
--------
#       IPfilter rules for Solaris-8 7/31/01
#  Allow ftp/telnet from mysubnet to host BUT unrestricted
#  access from host to outside world..
#
#  MYIPADR -- hostipaddress
#  MYSUBNET -- subnetipaddress
# local -- lo0
pass in quick on lo0 all

# address spoofing
block in quick on eri0 from 127.0.0.0/8 to any
block in quick on eri0 from MYIPADR to any

# ftp(20/21), ssh(22), telnet(23), smtp(25), http(80)
pass in quick on eri0 proto tcp from MYSUBNET to any port = 20
pass in quick on eri0 proto tcp from MYSUBNET to any port = 21
pass in quick on eri0 proto tcp from any to any port = 22
pass in quick on eri0 proto tcp from MYSUBNET to any port = 23
pass in quick on eri0 proto tcp from any to any port = 25
pass in quick on eri0 proto tcp from any to any port = 80

# dns??
pass in quick on eri0 proto udp from NAMSVR port = 53 to any

# others???
pass in quick on eri0 proto tcp from any to any port = 111
pass in quick on eri0 proto tcp from MYSUBNET port > 1023 to any
pass in quick on eri0 proto udp from MYSUBNET port > 1023 to any

# icmp
pass in quick on eri0 proto icmp from any to any

# deny the rest
block in log quick on eri0 all
---------
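A corrected version of the rule set above, added here as an illustration and not something ishwar or anyone on the list posted; it keeps the page's MYIPADR and MYSUBNET placeholders, which must be substituted with real addresses before loading. The outgoing telnet/ftp/smtp sessions fail because their replies arrive as incoming packets from arbitrary hosts, match none of the pass rules and hit the final block; giving the rules keep state fixes that, and the same change would tighten the two ssh rules in Robert's post.

```ipfilter
# Corrected rule set for eri0 (MYIPADR/MYSUBNET are placeholders to substitute).
# Key change: connections this host initiates get "pass out ... keep state", so
# their replies are admitted by the state table instead of reaching the final
# "block in" rule.

# loopback traffic in both directions
pass in quick on lo0 all
pass out quick on lo0 all

# address spoofing: loopback or our own address arriving from the wire
block in quick on eri0 from 127.0.0.0/8 to any
block in quick on eri0 from MYIPADR to any

# services this host offers; "flags S/SA" matches only the connection-opening
# SYN, and "keep state" then admits the rest of that connection automatically
pass in quick on eri0 proto tcp from MYSUBNET to MYIPADR port = 21 flags S/SA keep state
pass in quick on eri0 proto tcp from any      to MYIPADR port = 22 flags S/SA keep state
pass in quick on eri0 proto tcp from MYSUBNET to MYIPADR port = 23 flags S/SA keep state
pass in quick on eri0 proto tcp from any      to MYIPADR port = 25 flags S/SA keep state
pass in quick on eri0 proto tcp from any      to MYIPADR port = 80 flags S/SA keep state

# everything this host originates is allowed out, and the state entry lets the
# replies back in (telnet/ftp/smtp/http clients, DNS lookups, ping)
pass out quick on eri0 proto tcp from MYIPADR to any flags S/SA keep state
pass out quick on eri0 proto udp from MYIPADR to any keep state
pass out quick on eri0 proto icmp from MYIPADR to any keep state

# deny and log the rest in both directions
block in log quick on eri0 all
block out log quick on eri0 all
```

Active-mode FTP data connections come back inbound from the server's port 20 and are not covered by that state entry; using passive mode avoids the problem.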
