firewall configuration

Jaroslav Votruba jaroslav.votruba at keytec.cz
Wed Jul 9 06:45:23 CEST 2008


> ping is ICMP. More precisely, two ICMP messages, because the request and the reply are separate.

I have this there:
${fwcmd} 950 allow icmp from any to any in via ${oif} icmptypes 0,3,4,8,11
and ping should be ICMP types 0 and 8, yet ping does not get through. Shouldn't it be somewhere higher up?

Next, how high up should the divert rule be? I have it after the blocking rules (see below), but it does not let me out from the internal network.

${fwcmd} 10 unreach filter-prohib all from not $oip to any out xmit ${oif}

# Stop RFC1918 nets on the outside interface.
${fwcmd} 30 deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} 40 deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} 50 deny all from any to 192.168.0.0/16 via ${oif}

# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface.
${fwcmd} 60 deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} 70 deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} 80 deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} 90 deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} 100 deny all from any to 240.0.0.0/4 via ${oif}

${fwcmd} 110 divert natd ip from any to any via xl0

I will just add that in natd.cf I only have
a IP
u
It is also still not clear to me why, when I have flush -f at the beginning of the IPFW config, loading the rules from that config over ssh flushes the rules and only the last 65xxx rule remains, which closes the firewall. When I do the same thing from the console, the rules are flushed and then loaded as they should be.
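The evaluation order of the rules quoted above, as an added example that is not part of the original message or of FreeBSD's own ipfw code: a small Python model of first-match processing over exactly those rules. It assumes the outside interface is xl0 (as in the divert line) and uses a constructed address 203.0.113.5 to stand in for $oip; the later allow rules of the full ruleset are not on the page, so a packet that survives the quoted rules ends in the implicit default deny. It traces which rule an outbound packet from the inside network hits with the divert rule at 110 versus moved ahead of rule 10, and which direction the ICMP rule 950 covers.

```python
"""Toy first-match evaluator for an ipfw-style ruleset (added example).

Models only what is needed to trace the ruleset quoted in the message:
numbered rules, first match wins, 'in'/'out' direction, an interface,
'not' on a source address, ICMP types, and a 'divert natd' step that
rewrites the source of an outbound packet to the outside IP and resumes
evaluation at the next rule, which is how natd re-injects packets.
Addresses are constructed (RFC 5737 documentation ranges), not from the post.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

OIF = "xl0"             # outside interface, as in the divert line
OIP = "203.0.113.5"     # constructed public address standing in for $oip
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
RESERVED_NETS = ["0.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
                 "224.0.0.0/4", "240.0.0.0/4"]


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    direction: str            # "in" or "out"
    iface: str
    icmptype: Optional[int] = None


def _addr_match(spec: str, addr: str) -> bool:
    """'any', a CIDR/host, or 'not <host>' against one address."""
    if spec == "any":
        return True
    negate = spec.startswith("not ")
    net = ipaddress.ip_network(spec[4:] if negate else spec, strict=False)
    return (ipaddress.ip_address(addr) in net) != negate


@dataclass
class Rule:
    num: int
    action: str                        # allow / deny / unreach / divert
    proto: str = "all"                 # "all" and "ip" match any protocol
    src: str = "any"
    dst: str = "any"
    direction: Optional[str] = None    # None means "via": either direction
    iface: Optional[str] = None
    icmptypes: Optional[Set[int]] = None

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("all", "ip") and self.proto != p.proto:
            return False
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.icmptypes is not None and p.icmptype not in self.icmptypes:
            return False
        return _addr_match(self.src, p.src) and _addr_match(self.dst, p.dst)


def posted_ruleset(divert_num: int = 110) -> List[Rule]:
    """The rules quoted in the message; the divert rule's number is a
    parameter so the effect of moving it can be compared."""
    rules = [Rule(10, "unreach", src=f"not {OIP}", direction="out", iface=OIF)]
    num = 30
    for net in PRIVATE_NETS + RESERVED_NETS:        # rules 30 .. 100
        rules.append(Rule(num, "deny", dst=net, iface=OIF))
        num += 10
    rules.append(Rule(divert_num, "divert", proto="ip", iface=OIF))
    rules.append(Rule(950, "allow", proto="icmp", direction="in", iface=OIF,
                      icmptypes={0, 3, 4, 8, 11}))
    return sorted(rules, key=lambda r: r.num)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[List[int], str]:
    """Return (trace, verdict): the rule numbers that fired, in order, and
    the terminal action, or 'default-deny' for the implicit closing rule."""
    trace = []
    for rule in rules:
        if not rule.matches(pkt):
            continue
        trace.append(rule.num)
        if rule.action == "divert":
            # natd rewrites the source of outbound packets to the outside IP
            # (inbound translation is not modelled); processing then continues
            # at the rule after the divert rule.
            if pkt.direction == "out":
                pkt = Packet(pkt.proto, OIP, pkt.dst, pkt.direction,
                             pkt.iface, pkt.icmptype)
            continue
        return trace, rule.action
    return trace, "default-deny"


if __name__ == "__main__":
    inside_out = Packet("tcp", "192.168.1.10", "198.51.100.7", "out", OIF)
    print("divert at 110:", evaluate(posted_ruleset(110), inside_out))
    print("divert at 5:  ", evaluate(posted_ruleset(5), inside_out))
    echo_in = Packet("icmp", "198.51.100.7", OIP, "in", OIF, icmptype=8)
    print("echo request in:", evaluate(posted_ruleset(), echo_in))
    echo_out = Packet("icmp", OIP, "198.51.100.7", "out", OIF, icmptype=8)
    print("echo request out:", evaluate(posted_ruleset(), echo_out))
```

With the divert rule at 110, an outbound packet whose source is an inside address is matched by rule 10 (source is not $oip, leaving via the outside interface) before it ever reaches the divert, so natd never sees it; with the divert placed ahead of rule 10 the source is already translated when rule 10 is evaluated and the packet goes on to the rest of the ruleset. The ICMP trace shows that rule 950 only matches packets arriving on the outside interface (`in via`), so the quoted rules contain no match for an echo request leaving the box.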
More information about the Users-l mailing list