  1. #1
    Just Joined!
    Join Date
    Sep 2011
    Posts
    2

    ipf cpanel advice needed


    Hi, I'm new to FreeBSD and was wondering if anyone who has experience could take a look at my rules before I use them and end up possibly locking myself out of my server, and let me know if it looks like it will work.

    Code:
    IPF="ipfw -q add"
    ipfw -q -f flush
    
    #loopback
    $IPF 10 allow all from any to any via lo0
    $IPF 20 deny all from any to 127.0.0.0/8
    $IPF 30 deny all from 127.0.0.0/8 to any
    $IPF 40 deny tcp from any to any frag
    
    # stateful
    $IPF 50 check-state
    $IPF 60 allow tcp from any to any established
    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    
    # open port ftp (20,21), Customized ssh (5678), mail (25)
    # http (80), dns (53) etc
    $IPF 110 allow tcp from any to any 20-21 in
    $IPF 120 allow tcp from any to any 20-21 out
    $IPF 110 allow tcp from any to any 30000-50000 in
    $IPF 120 allow tcp from any to any 30000-50000 out
    #Custom ssh port
    $IPF 130 allow tcp from any to any 5678 in
    $IPF 140 allow tcp from any to any 5678 out
    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    
    # cpanel 11
    $IPF 110 allow tcp from any to any 2086 in
    $IPF 120 allow tcp from any to any 2086 out
    $IPF 110 allow tcp from any to any 2082 in
    $IPF 120 allow tcp from any to any 2082 out
    
    # Red5
    $IPF 200 allow tcp from any to any 843 in
    $IPF 210 allow tcp from any to any 843 out
    $IPF 200 allow tcp from any to any 5080 in
    $IPF 210 allow tcp from any to any 5080 out
    $IPF 200 allow tcp from any to any 8443 in
    $IPF 210 allow tcp from any to any 8443 out
    $IPF 200 allow tcp from any to any 1935-1936 in
    $IPF 210 allow tcp from any to any 1935-1936 out
    $IPF 200 allow tcp from any to any 8088 in
    $IPF 210 allow tcp from any to any 8088 out
    $IPF 200 allow tcp from any to any 9035 in
    $IPF 210 allow tcp from any to any 9035 out
    $IPF 200 allow tcp from any to any 9999 in
    $IPF 210 allow tcp from any to any 9999 out
    
    # Shoutcast Spanel
    $IPF 200 allow tcp from any to any 8000-9000 in
    $IPF 210 allow tcp from any to any 8000-9000 out
    $IPF 200 allow udp from any to any 8000-9000 in
    $IPF 210 allow udp from any to any 8000-9000 out
    
    # deny and log everything
    $IPF 500 deny log all from any to any

  2. #2
    Just Joined!
    Join Date
    Sep 2011
    Posts
    2

    worked

    It worked great. I left out a few ports, so if anyone needs to use this as an example I'll post my updated version. Note that you can remove stuff like Red5 if you don't have it installed on your system.

    Code:
    IPF="ipfw -q add"
    ipfw -q -f flush
    
    #loopback
    $IPF 10 allow all from any to any via lo0
    $IPF 20 deny all from any to 127.0.0.0/8
    $IPF 30 deny all from 127.0.0.0/8 to any
    $IPF 40 deny tcp from any to any frag
    
    # stateful
    $IPF 50 check-state
    $IPF 60 allow tcp from any to any established
    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    
    # open port ftp (20,21), Customized ssh (5678), mail (25)
    # http (80), dns (53) etc
    $IPF 110 allow tcp from any to any 20-21 in
    $IPF 120 allow tcp from any to any 20-21 out
    $IPF 110 allow tcp from any to any 10000-50000 in
    $IPF 120 allow tcp from any to any 10000-50000 out
    #Custom ssh port
    $IPF 130 allow tcp from any to any 5678 in
    $IPF 140 allow tcp from any to any 5678 out
    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    $IPF 200 allow tcp from any to any 443 in
    $IPF 210 allow tcp from any to any 443 out
    # cpanel 11
    $IPF 110 allow tcp from any to any 2086 in
    $IPF 120 allow tcp from any to any 2086 out
    $IPF 110 allow tcp from any to any 2082 in
    $IPF 120 allow tcp from any to any 2082 out
    $IPF 110 allow tcp from any to any 2087 in
    $IPF 120 allow tcp from any to any 2087 out
    
    # Red5
    $IPF 200 allow tcp from any to any 843 in
    $IPF 210 allow tcp from any to any 843 out
    $IPF 200 allow tcp from any to any 5080 in
    $IPF 210 allow tcp from any to any 5080 out
    $IPF 200 allow tcp from any to any 8443 in
    $IPF 210 allow tcp from any to any 8443 out
    $IPF 200 allow tcp from any to any 1935-1936 in
    $IPF 210 allow tcp from any to any 1935-1936 out
    $IPF 200 allow tcp from any to any 8088 in
    $IPF 210 allow tcp from any to any 8088 out
    $IPF 200 allow tcp from any to any 9035 in
    $IPF 210 allow tcp from any to any 9035 out
    $IPF 200 allow tcp from any to any 9999 in
    $IPF 210 allow tcp from any to any 9999 out
    
    # Shoutcast Spanel
    $IPF 200 allow tcp from any to any 8000-9000 in
    $IPF 210 allow tcp from any to any 8000-9000 out
    $IPF 200 allow udp from any to any 8000-9000 in
    $IPF 210 allow udp from any to any 8000-9000 out
    
    # deny and log everything
    $IPF 500 deny log all from any to any

    IMPORTANT: you need to change the SSH part (mine's using 5678) to whatever SSH port you have on yours.
    You will also need to enable passive ports in your FTP config on the server; after that this works great.
    Last edited by rfrayer; 09-14-2011 at 06:51 AM.
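
The lockout worry raised in the first post can be checked offline before a ruleset is ever loaded. The script below is an added example, not part of either post: it reads a rules file in the thread's `$IPF <number> ...` style and confirms that an inbound allow for the SSH port is numbered ahead of the final deny. The function name `check_rules` and the OK/FAIL/NOTE message format are assumptions made for this example.

```sh
#!/bin/sh
# Added example: offline pre-flight check for an ipfw script written in the
# "$IPF <number> <action> ..." style used in this thread. Assumes one rule per line.

# check_rules FILE SSH_PORT -> prints findings; exit status 1 means lockout risk.
check_rules() {
    awk -v ssh="$2" '
    # Does a port spec such as "5678", "20-21" or "25,80" cover port p?
    function covers(spec, p,    n, i, parts, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) {
                if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == p + 0) return 1
        }
        return 0
    }
    $1 != "$IPF" { next }              # skip comments, blanks, the flush line
    {
        num = $2 + 0; action = $3
        # Same-numbered rules are legal in ipfw but easy to lose track of.
        if (seen[num]++ == 1) printf "NOTE rule number %d is reused\n", num
        # First unconditional deny: rules numbered above it are never reached.
        if (action == "deny" && !deny && NF >= 7 &&
            ($(NF-4) " " $(NF-3) " " $(NF-2) " " $(NF-1) " " $NF) == "all from any to any")
            deny = num
        # Lowest-numbered inbound TCP allow whose port spec covers the SSH port.
        if (action == "allow" && $4 == "tcp" && $NF == "in" && covers($(NF-1), ssh))
            if (!ssh_rule || num < ssh_rule) ssh_rule = num
    }
    END {
        if (!ssh_rule) { printf "FAIL no inbound allow for tcp/%s\n", ssh; bad = 1 }
        else if (deny && ssh_rule > deny) {
            printf "FAIL tcp/%s allowed at %d, after deny-all at %d\n", ssh, ssh_rule, deny
            bad = 1
        } else printf "OK tcp/%s allowed at rule %d\n", ssh, ssh_rule
        exit bad + 0
    }' "$1"
}

# Constructed sample: the SSH allow is numbered after the final deny.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$IPF 10 allow all from any to any via lo0
$IPF 500 deny log all from any to any
$IPF 510 allow tcp from any to any 5678 in
EOF
check_rules "$sample" 5678 || echo "do not load this ruleset over SSH"
rm -f "$sample"
```

A clean result only covers rule ordering. For the load itself, FreeBSD ships `/usr/share/examples/ipfw/change_rules.sh`, which reverts to the previous rules unless the change is confirmed.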
