

we have a winner
Authored by: TigerKR on Sep 11, '03 04:32:34AM

This firewall.conf is a winner. It's been error tested and optimized for security, speed, and measured accessibility. I recommend that you also install Little Snitch on your LAN clients (that way, you're able to block attacks from outside, and within).

firewall.conf

I found that I was running out of dynamic rules, so I also had to alter the Firewall startup item created by BrickHouse (which is located at /Library/StartupItems/Firewall/Firewall) so that more dynamic rules could be accommodated. It now looks like this:

#!/bin/sh
# Firewall Boot Script
# Generated by BrickHouse
# Altered by TigerKR


#===========================================================
# Enable IP Sharing
#===========================================================
# Enable IP Forwarding in the kernel
/usr/sbin/sysctl -w net.inet.ip.forwarding=1

# Start the natd server
/usr/sbin/natd -f /etc/natd.conf

# Add additional gateway IP addresses and routes
/sbin/ifconfig en1 inet 192.168.0.1 netmask 255.255.255.0 alias up
/sbin/route add -host 192.168.0.1 -interface 127.0.0.1


#===========================================================
# Enable IP Firewall Logging
#===========================================================
/usr/sbin/sysctl -w net.inet.ip.fw.verbose=1

# Put a limit on each rule's logging
/usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=500


#===========================================================
# Double the number of possible dynamic rules
#===========================================================
/usr/sbin/sysctl -w net.inet.ip.fw.dyn_buckets=512
/usr/sbin/sysctl -w net.inet.ip.fw.dyn_max=2000


#===========================================================
# Process Firewall Rules File
#===========================================================
/sbin/ipfw -q /etc/firewall.conf


I hope that this is helpful for someone. It took a long time for me to find out what everything was and what it did. And then there was the error checking and optimizing ;)



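An added example that goes with the dyn_buckets/dyn_max change in the startup script above. It is not part of TigerKR's post and not BrickHouse code. The sysctl bump only helps if you notice when the dynamic-rule table is filling up again, so this script reads the ipfw sysctls and reports how close the table is to dyn_max; it also checks that dyn_buckets is a power of two, which FreeBSD-derived ipfw requires (a non-power-of-two value is silently ignored). Assumptions: the sysctl names net.inet.ip.fw.dyn_count, dyn_max and dyn_buckets as in FreeBSD-derived ipfw, and the "name: value" output format that the ipfw-era sysctl prints. The sample sysctl text is constructed so the script runs offline; on a live ipfw host you would feed it the output of `sysctl net.inet.ip.fw` instead.

```shell
#!/bin/sh
# Added example: report ipfw dynamic-rule table usage against net.inet.ip.fw.dyn_max.
# Not from TigerKR's post or from BrickHouse.

# Constructed sample of the relevant sysctl lines (assumed sysctl names, from
# FreeBSD-derived ipfw; "name: value" is the format the ipfw-era sysctl prints).
# dyn_count is the number of dynamic rules currently in the table.
SAMPLE_SYSCTL='net.inet.ip.fw.dyn_buckets: 512
net.inet.ip.fw.dyn_count: 1700
net.inet.ip.fw.dyn_max: 2000'

# sysctl_value NAME TEXT -> prints the value of sysctl NAME found in TEXT
sysctl_value() {
    printf '%s\n' "$2" | awk -v key="$1" -F': ' '$1 == key { print $2 }'
}

# dyn_usage_percent TEXT -> prints dyn_count as an integer percent of dyn_max
dyn_usage_percent() {
    count=$(sysctl_value net.inet.ip.fw.dyn_count "$1")
    max=$(sysctl_value net.inet.ip.fw.dyn_max "$1")
    [ -n "$count" ] && [ -n "$max" ] && [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# is_power_of_two N -> succeeds if N is a power of two (what ipfw expects for dyn_buckets)
is_power_of_two() {
    n=$1
    [ "$n" -gt 0 ] && [ $(( n & (n - 1) )) -eq 0 ]
}

# check_dyn_table TEXT THRESHOLD -> prints a one-line summary; succeeds only if
# usage is below THRESHOLD percent and the bucket count is one the kernel accepts.
check_dyn_table() {
    pct=$(dyn_usage_percent "$1") || { echo "could not read dyn_count/dyn_max"; return 1; }
    buckets=$(sysctl_value net.inet.ip.fw.dyn_buckets "$1")
    status=0
    if ! is_power_of_two "$buckets"; then
        echo "dyn_buckets=$buckets is not a power of two; ipfw will keep the old value"
        status=1
    fi
    if [ "$pct" -ge "$2" ]; then
        echo "dynamic rules at ${pct}% of dyn_max; raise net.inet.ip.fw.dyn_max in the startup item"
        status=1
    else
        echo "dynamic rules at ${pct}% of dyn_max"
    fi
    return $status
}

# On a live ipfw host: check_dyn_table "$(sysctl net.inet.ip.fw)" 80
# Here the constructed sample is at 85% of dyn_max, so the warning path is shown.
if check_dyn_table "$SAMPLE_SYSCTL" 80; then
    echo "dynamic-rule table has headroom"
else
    echo "dynamic-rule table needs attention"
fi
```

Run it from cron or by hand after the firewall has been up for a while under normal load; a table that sits near dyn_max is the same symptom TigerKR hit, and the fix is the same sysctl lines in the startup item, with dyn_buckets kept at a power of two.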