User's guide
Chapter 4. Firewall
This chapter describes how to set up and use the firewall on a Freeway. The firewall can protect the Freeway from
unwanted connections, either by service (IP port number) or by source (IP address), or any combination of those.
4.1. Configuring the Firewall
The Freeway uses the ipfw daemon to configure and control the firewall. As usual with Freeway configuration, the
best and most flexible way to configure the firewall is to put the desired commands into one centrally-located place,
such as the file /usr/local/freeway/boot.src/rc.startsra, so that changes can be controlled and preserved
when the overall Freeway software is upgraded to a new version.
For example, Figure 4-1 shows lines which could be added to a Freeway’s
/usr/local/freeway/boot.src/rc.startsra file to configure and enable the ipfw firewall:
Figure 4-1. Configure and Enable the ipfw Firewall
# Deny forwarding: drop any packet that is neither from nor to the Freeway
ipfw add 20100 deny ip from not me to not me
# Do not send ICMP type 11 (time exceeded) packets from the Freeway
ipfw add 20200 deny icmp from me to any icmptypes 11
# For security: deny all access to timestamp info via ICMP packets
ipfw add 20300 deny icmp from any to any icmptypes 13
ipfw add 20400 deny icmp from any to any icmptypes 14
# For security: deny all access to unnecessary ports
ipfw add 21000 deny tcp from any to me 23
# Deny TCP packets sent to the Freeway from one specific host
ipfw add 31000 deny tcp from 192.168.1.100 to me
That example would deny all attempts to send an IP packet through the Freeway if the Freeway is neither the
source nor the destination of the packet; it would deny all ICMP type 11 packets from being sent by the Freeway; it would
deny all ICMP type 13 or 14 packets from being received or sent by the Freeway; it would deny all TCP/IP packets
sent to port 23 (the telnet port) of the Freeway; and it would deny all TCP packets sent to the Freeway from the IP address
192.168.1.100.
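The following sketch is an added example, not part of the Freeway software or its documentation: it models only the subset of ipfw syntax used in Figure 4-1 so that the rules can be checked offline against test packets, using ipfw's ascending-order, first-match evaluation. The Freeway address 10.0.0.1, the test packets, and the names addr_matches and first_match are assumptions made for illustration.

```python
import re

# Constructed for this example: addresses assumed to belong to the Freeway ("me").
ME = {"10.0.0.1"}

# The rule bodies from Figure 4-1 (the text after "ipfw add").
RULES = """\
20100 deny ip from not me to not me
20200 deny icmp from me to any icmptypes 11
20300 deny icmp from any to any icmptypes 13
20400 deny icmp from any to any icmptypes 14
21000 deny tcp from any to me 23
31000 deny tcp from 192.168.1.100 to me
"""

RULE_RE = re.compile(
    r"(?P<num>\d+) (?P<action>\w+) (?P<proto>\w+) from (?P<src>(?:not )?\S+)"
    r" to (?P<dst>(?:not )?\S+)(?: icmptypes (?P<icmp>\d+)| (?P<port>\d+))?$")

def addr_matches(spec, addr):
    """Match 'any', 'me', a literal address, or any of those negated with 'not'."""
    negate = spec.startswith("not ")
    spec = spec[4:] if negate else spec
    hit = spec == "any" or (spec == "me" and addr in ME) or spec == addr
    return hit != negate

def first_match(pkt):
    """Return (rule number, action) of the first matching rule, or None."""
    for line in RULES.splitlines():
        r = RULE_RE.match(line)
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (addr_matches(r["src"], pkt["src"]) and addr_matches(r["dst"], pkt["dst"])):
            continue
        if r["icmp"] and int(r["icmp"]) != pkt.get("icmptype"):
            continue
        if r["port"] and int(r["port"]) != pkt.get("dport"):
            continue
        return int(r["num"]), r["action"]
    return None  # not matched here; later rules in the real ruleset decide

if __name__ == "__main__":
    # Constructed test packets: telnet to the Freeway, then a transit packet.
    print(first_match({"proto": "tcp", "src": "10.0.0.50", "dst": "10.0.0.1", "dport": 23}))
    print(first_match({"proto": "tcp", "src": "10.0.0.50", "dst": "10.0.0.60", "dport": 80}))
```

A result of None means only that none of these six rules matched; what happens to such a packet depends on the rest of the ruleset loaded on the Freeway.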
The current firewall rules for any Freeway can be displayed by logging into the Freeway, using the su - shell to
gain root (shell) access rights, and then running the command: ipfw show.
Another example set of ipfw commands is shown in Section 6.1. More information about ipfw and firewall
configuration is available by logging into a Freeway with any user account and typing man ipfw.