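# -----------------------------------------------------------
# /etc/ipfw.rules
# Last Modified: Sun 04 Apr 2004 11:54:21 PM MDT
# root@grape.hewbert.com
# -----------------------------------------------------------
#
# One rule per line. ipfw checks rules in ascending rule-number order and the
# first match decides; rules that share a number are checked in the order
# they were added. The rules below are listed in that evaluation order.

# localhost --:
add 00010 allow ip from any to any via lo0      # loopback
add 00020 deny ip from any to 127.0.0.0/8       # spoofing
add 00030 deny ip from 127.0.0.0/8 to any       # spoofing (forged loopback source)

# Allow all traffic from Local network (other IP):
# NOTE(review): rl0 is also the interface the ISP rules below receive on, so
# these rules trust the source address alone -- confirm that forged packets
# claiming these sources cannot arrive on rl0.
add 00100 allow ip from 209.159.195.76 to any via rl0
add 00121 allow ip from 192.168.0.0/24 to any via rl0
add 00122 allow ip from 209.159.195.82 to any via rl0
# 00125 and 00128 never match: 00122 already allows every protocol from this host.
add 00125 allow tcp from 209.159.195.82 to any via rl0
add 00128 allow udp from 209.159.195.82 to any via rl0

# External services --:
add 00300 allow tcp from any to any 22 in       # Allow SSH externally
add 00305 allow tcp from any to any 25 in       # SMTP
add 00310 allow tcp from any to any 110 in      # POP3
# "deny" drops silently; ipfw's "reset" action answers with a TCP RST instead.
add 00400 deny tcp from any to any 113 in       # Block auth

# Stateless match: "established" accepts any TCP packet with ACK or RST set.
# check-state / keep-state is ipfw's stateful alternative.
add 00500 allow tcp from any to any established # Allow established connections

# Log netbus for entertainment
# 00500 is reused here, so this rule is checked right after the established
# rule above; only segments without ACK/RST (new connection attempts) reach it.
# "log" output depends on the net.inet.ip.fw.verbose sysctl.
add 00500 deny log tcp from any to any 12345 in recv rl0
add 00501 deny log tcp from any to any 20034 in recv rl0

# Outbound rules --:
add 00600 allow ip from any to any out          # Allow all outbound traffic (for now).

# -------/ ISP/DNS Stuff /-------
# ICMP from the ISP hosts. Numbered 00600-00603, so evaluated before the DNS rules.
add 00600 allow icmp from 209.159.192.7 to any in recv rl0
add 00601 allow icmp from 209.159.192.6 to any in recv rl0
add 00602 allow icmp from 209.104.63.240 to any in recv rl0
add 00603 allow icmp from 209.104.63.241 to any in recv rl0
# DNS replies are matched on source address and source port 53 only, to any
# local port; a keep-state rule on the outbound query is the stateful alternative.
add 00700 allow udp from 209.159.192.7 53 to any in
add 00750 allow udp from 209.159.192.6 53 to any in
add 00800 allow udp from 209.104.63.240 53 to any in
add 00820 allow udp from 209.104.63.241 53 to any in
add 00900 allow tcp from 209.159.192.7 53 to any in
add 00905 allow tcp from 209.159.192.6 53 to any in
add 00910 allow tcp from 209.104.63.240 53 to any in
add 00915 allow tcp from 209.104.63.241 53 to any in
# -------------------------------

# And of course
# 65535 is the number of ipfw's built-in default rule, which cannot be modified
# and whose action is fixed by the kernel configuration; an explicit deny at
# 65534 gives the same final drop without depending on that default.
add 65534 deny ip from any to any
# EOF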