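Firewall script!

#!/bin/sh
# Firewall script / FreeBSD
#
# Loads a small ipfw rule set for a DSL gateway: TCP connection-setup packets
# crossing the DSL tunnel are diverted to tcpmssd, packets arriving on the
# tunnel with a loopback destination or a private/link-local source address
# are dropped, and everything else is allowed.

# Variables
# Assignments must not carry a leading "$": `$ipfw=...` is parsed as a
# command, leaves ipfw empty, and every `$ipfw ...` line below then fails,
# so none of the rules would be loaded.
# -q: quiet, -f: do not ask for confirmation (needed for a scripted flush).
ipfw="/sbin/ipfw -qf"
tcpmssd="/usr/local/bin/tcpmssd"

# Interfaces
## LAN network card. rc.conf and netstat on this page show the LAN address
## on rl1. Not referenced by the rules below.
if1="rl1"
## DSL tunnel (external side). The rules refer to it as $if2, so it has to
## be defined under exactly that name; an empty $if2 makes every rule that
## uses it malformed.
if2="tun0"

# Start tcpmssd: it is given 1492 via -m and listens on divert port 1234,
# which rule 51 feeds. It is started unconditionally on every run.
"$tcpmssd" -m 1492 -p 1234

# Define rules
# $ipfw is intentionally left unquoted: it holds the command plus its flags.
$ipfw flush

# Hand TCP connection-setup packets that cross the tunnel to tcpmssd.
$ipfw add 51 divert 1234 tcp from any to any via "$if2" setup

# Anti-spoofing on the external interface: nothing arriving from the
# Internet may target loopback or claim a private / link-local source.
$ipfw add 100 deny all from any to 127.0.0.0/8 in recv "$if2"
$ipfw add 200 deny all from 10.0.0.0/8 to any in recv "$if2"
$ipfw add 300 deny all from 169.254.0.0/16 to any in recv "$if2"
$ipfw add 400 deny all from 172.16.0.0/12 to any in recv "$if2"
$ipfw add 500 deny all from 192.168.0.0/16 to any in recv "$if2"

# Everything that was not dropped above passes, in both directions.
# NOTE(review): this is anti-spoofing only, not a filtering policy. It also
# admits unsolicited inbound connections from the Internet to the gateway
# itself, and rc.conf on this page enables sshd and inetd. A tighter rule set
# would allow outbound traffic with keep-state, add a check-state rule, and
# deny inbound `setup` packets on $if2 except for services that are meant
# to be reachable.
# NOTE(review): if the rules fail to load, only the kernel's default rule
# remains; whether that is deny or allow depends on the kernel configuration
# (IPFIREWALL_DEFAULT_TO_ACCEPT) - verify before relying on either.
$ipfw add 1000 allow ip from any to any

RC.CONF

# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# Enable network daemons for user convenience.
# -- sysinstall generated deltas -- #
gateway_enable="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
moused_enable="YES"
moused_type="YES"
sendmail_enable="NONE"
sshd_enable="YES"
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="t-online"
keymap="german.iso"
network_interfaces="rl0 rl1 lo"
ifconfig_rl0="up"
firewall_enable="YES"
firewall_script="/etc/rc.firewall-dsl"
firewall_logging="YES"
hostname="Server-Laden"
# -- sysinstall generated deltas -- # Tue Feb 18 07:44:46 2003
ifconfig_rl1="inet 192.168.0.80 netmask 255.255.255.0"
defaultrouter="192.168.0.100"
hostname="Server-Laden"

netstat -rn

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            217.5.98.92        UGSc        2        0   tun0
192.168.0          link#2             UC          2        0    rl1
192.168.0.1        00:60:97:ad:57:1b  UHLW        1       39    rl1   1187
192.168.0.100      link#2             UHLW        0        0    rl1
217.5.98.92        80.134.220.161     UH          3        0   tun0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%rl0/64                     link#1                        UC          rl0
fe80::200:1cff:fede:9bbc%rl0      00:00:1c:de:9b:bc             UHL         lo0
fe80::%rl1/64                     link#2                        UC          rl1
fe80::250:fcff:fe9e:57d4%rl1      00:50:fc:9e:57:d4             UHL         lo0
fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
fe80::1%lo0                       link#4                        UHL         lo0
ff01::/32                         ::1                           U           lo0
ff02::%rl0/32                     link#1                        UC          rl0
ff02::%rl1/32                     link#2                        UC          rl1
ff02::%lo0/32                     ::1                           UC          lo0
ff02::%tun0/32                    fe80::200:1cff:fede:9bbc%tun0 UC         tun0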