# ipfw cpanel advice needed



## rfrayer (Sep 13, 2011)

Hi, I'm new to FreeBSD 8.1 and was wondering if anyone who has experience could take a look at my rules before I use them and end up possibly locking myself out of my server, and let me know if it looks like it will work.



```
IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), Customized ssh (5678), mail (25)
# http (80), dns (53) etc
# Note: ipfw keeps rules that share a number in the order they were added,
# so the repeated 110/120/200/210 numbers below are legal, but
# "ipfw delete 110" will then remove every rule carrying that number.
$IPF 110 allow tcp from any to any 20-21 in
$IPF 120 allow tcp from any to any 20-21 out
$IPF 110 allow tcp from any to any 30000-50000 in
$IPF 120 allow tcp from any to any 30000-50000 out
#Custom ssh port
$IPF 130 allow tcp from any to any 5678 in
$IPF 140 allow tcp from any to any 5678 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

# cpanel 11
$IPF 110 allow tcp from any to any 2086 in
$IPF 120 allow tcp from any to any 2086 out
$IPF 110 allow tcp from any to any 2082 in
$IPF 120 allow tcp from any to any 2082 out

# Red5
$IPF 200 allow tcp from any to any 843 in
$IPF 210 allow tcp from any to any 843 out
$IPF 200 allow tcp from any to any 5080 in
$IPF 210 allow tcp from any to any 5080 out
$IPF 200 allow tcp from any to any 8443 in
$IPF 210 allow tcp from any to any 8443 out
$IPF 200 allow tcp from any to any 1935-1936 in
$IPF 210 allow tcp from any to any 1935-1936 out
$IPF 200 allow tcp from any to any 8088 in
$IPF 210 allow tcp from any to any 8088 out
$IPF 200 allow tcp from any to any 9035 in
$IPF 210 allow tcp from any to any 9035 out
$IPF 200 allow tcp from any to any 9999 in
$IPF 210 allow tcp from any to any 9999 out

# Shoutcast Spanel
$IPF 200 allow tcp from any to any 8000-9000 in
$IPF 210 allow tcp from any to any 8000-9000 out
$IPF 200 allow udp from any to any 8000-9000 in
$IPF 210 allow udp from any to any 8000-9000 out

# deny and log everything
$IPF 500 deny log all from any to any
```

Thanks in advance


----------



## rfrayer (Sep 13, 2011)

*kinda working*

OK, I kind of got it working, all except the FTP part: it will start uploading and then file transfers fail like crazy. I've tested to see if it isn't the firewall by disabling it, and then FTP works fine.


```
IPF="ipfw -q add"
# the rc.firewall-style lines below use these two variables; they must be set
# or the shell runs "add pass ..." as a command and the rules are never loaded
fwcmd="ipfw -q"
FTP="192.0.2.1"   # placeholder: replace with this server's own address
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag


# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), Customized ssh (5678), mail (25)
# http (80), dns (53) etc
# rules added without a number get (highest existing number + 100), so
# these three land at 180, 280 and 380, after the numbered rules 130/140 below
$IPF allow tcp from any to any 20-21 in
$IPF allow tcp from any to any 20-21 out
$IPF allow tcp from any to any 10000-60000 keep-state

# FTP rules in the style of /etc/rc.firewall ("pass" is a synonym for "allow");
# these are also unnumbered and are appended after the rules above
${fwcmd} add pass tcp from ${FTP} to any established
${fwcmd} add pass tcp from ${FTP} 20 to any setup
${fwcmd} add pass tcp from any to ${FTP} established
${fwcmd} add pass tcp from any to ${FTP} 50000-59999 setup
${fwcmd} add pass tcp from any to ${FTP} 21 setup


#Custom ssh port
$IPF 130 allow tcp from any to any 5678 in
$IPF 140 allow tcp from any to any 5678 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
$IPF 200 allow tcp from any to any 443 in
$IPF 210 allow tcp from any to any 443 out
# cpanel 11
$IPF 110 allow tcp from any to any 2086 in
$IPF 120 allow tcp from any to any 2086 out
$IPF 110 allow tcp from any to any 2082 in
$IPF 120 allow tcp from any to any 2082 out
$IPF 110 allow tcp from any to any 2087 in
$IPF 120 allow tcp from any to any 2087 out

# Red5
$IPF 200 allow tcp from any to any 843 in
$IPF 210 allow tcp from any to any 843 out
$IPF 200 allow tcp from any to any 5080 in
$IPF 210 allow tcp from any to any 5080 out
$IPF 200 allow tcp from any to any 8443 in
$IPF 210 allow tcp from any to any 8443 out
$IPF 200 allow tcp from any to any 1935-1936 in
$IPF 210 allow tcp from any to any 1935-1936 out
$IPF 200 allow tcp from any to any 8088 in
$IPF 210 allow tcp from any to any 8088 out
$IPF 200 allow tcp from any to any 9035 in
$IPF 210 allow tcp from any to any 9035 out
$IPF 200 allow tcp from any to any 9999 in
$IPF 210 allow tcp from any to any 9999 out

# Shoutcast Spanel
$IPF 200 allow tcp from any to any 8000-9000 in
$IPF 210 allow tcp from any to any 8000-9000 out
$IPF 200 allow udp from any to any 8000-9000 in
$IPF 210 allow udp from any to any 8000-9000 out

# deny and log everything
$IPF 500 deny log all from any to any
```
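To check a script like the two above before loading it, it helps to see the order the kernel will actually evaluate the rules in and which rule a given packet hits first. The following is an added example (not code from either post): a small first-match simulator for the subset of ipfw(8) syntax these scripts use. It assumes the kernel default `net.inet.ip.fw.autoinc_step` of 100 for unnumbered rules, a default rule 65535 of deny (the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option would change that), and it does not model the dynamic rules that `check-state`/`keep-state` create. The sample ruleset is a constructed, abridged version of the first post's rules with one unnumbered rule added; the interface `em0` and the addresses in `packet()` are constructed too.

```python
"""Added example: first-match simulator for the ipfw rule-script subset above.
Not code from the posts; see the lead-in for its assumptions."""
import ipaddress
from collections import namedtuple

AUTOINC_STEP = 100   # kernel default net.inet.ip.fw.autoinc_step (assumed)
OPTIONS = {"in", "out", "keep-state", "established", "setup", "frag"}
Rule = namedtuple("Rule", "num seq action proto src dst ports iface opts")


def parse_ports(spec):
    """'20-21' -> [(20, 21)], '53' -> [(53, 53)], '80,443' -> [(80, 80), (443, 443)]."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rules(script):
    """Parse '$IPF [num] action proto from src to dst [ports] [options]' lines and
    return them ordered as the kernel keeps them: by number, then insertion order."""
    rules, max_num = [], 0
    for seq, line in enumerate(script.splitlines()):
        toks = [t for t in line.split() if t != "log"]   # 'log' never affects matching
        if len(toks) < 2 or toks[0] != "$IPF":
            continue
        toks = toks[1:]
        if toks[0].isdigit():
            num = int(toks.pop(0))
        else:
            num = max_num + AUTOINC_STEP   # unnumbered rule: highest existing number + step
        max_num = max(max_num, num)
        if toks[0] == "check-state":
            rules.append(Rule(num, seq, "check-state", "all", "any", "any", None, None, set()))
            continue
        action, proto, src, dst, rest = toks[0], toks[1], toks[3], toks[5], toks[6:]
        ports = None
        if rest and rest[0] not in OPTIONS and rest[0] != "via":
            ports = parse_ports(rest.pop(0))   # ports after the dst address are dst ports
        iface = None
        if "via" in rest:
            i = rest.index("via")
            iface = rest[i + 1]
            del rest[i:i + 2]
        rules.append(Rule(num, seq, action, proto, src, dst, ports, iface, set(rest)))
    rules.sort(key=lambda r: (r.num, r.seq))   # stable: equal numbers keep insertion order
    return rules


def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule, pkt):
    """Static match only; dynamic state from keep-state is not simulated."""
    if rule.action == "check-state":
        return False
    if rule.iface and pkt["iface"] != rule.iface:
        return False
    if rule.proto not in ("all", "ip") and rule.proto != pkt["proto"]:
        return False
    if not addr_ok(rule.src, pkt["src"]) or not addr_ok(rule.dst, pkt["dst"]):
        return False
    if rule.ports and (pkt["proto"] not in ("tcp", "udp")
                       or not any(lo <= pkt["dport"] <= hi for lo, hi in rule.ports)):
        return False
    o, flags = rule.opts, pkt["flags"]
    if "in" in o and pkt["direction"] != "in":
        return False
    if "out" in o and pkt["direction"] != "out":
        return False
    if "established" in o and not (flags & {"ack", "rst"}):
        return False
    if "setup" in o and not ("syn" in flags and "ack" not in flags):
        return False
    if "frag" in o and not pkt["frag"]:
        return False
    return True


def first_match(rules, pkt):
    """Return (rule number, action) of the first rule that matches the packet."""
    for r in rules:
        if matches(r, pkt):
            return r.num, r.action
    return 65535, "deny"   # assumed default rule; IPFIREWALL_DEFAULT_TO_ACCEPT would flip it


def packet(proto, dport, direction, flags=(), iface="em0",
           src="198.51.100.7", dst="203.0.113.5", frag=False):
    """Constructed packet description; addresses and interface are placeholders."""
    return {"proto": proto, "dport": dport, "direction": direction, "flags": set(flags),
            "iface": iface, "src": src, "dst": dst, "frag": frag}


# Constructed sample: abridged from the first post, plus one unnumbered rule.
SAMPLE = """\
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
$IPF 110 allow tcp from any to any 20-21 in
$IPF 110 allow tcp from any to any 30000-50000 in
$IPF 130 allow tcp from any to any 5678 in
$IPF 110 allow tcp from any to any 2086 in
$IPF allow udp from any to any 53 in
$IPF 500 deny log all from any to any
"""
RULES = parse_rules(SAMPLE)

if __name__ == "__main__":
    print("kernel order:", [r.num for r in RULES])
    for p in (packet("tcp", 21, "in", ["syn"]), packet("tcp", 55000, "in", ["syn"])):
        print(p["proto"], p["dport"], p["direction"], "->", first_match(RULES, p))
```

Running it shows the three rules numbered 110 evaluated in the order they were added (and all ahead of 130 regardless of script position), the unnumbered DNS rule landing at 230, and an inbound SYN to a passive-FTP data port outside 30000-50000 falling through to the final deny at 500. Because dynamic state is not modelled, a real session that was accepted by a `keep-state` rule can differ from this static walk; the simulator is for checking ordering and the static holes, not for replacing a test against the live ruleset.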


----------

