# -----------------------------------------------------------
# /etc/ipfw.rules
# Last Modified: Sun 04 Apr 2004 11:54:21 PM MDT
# root@peach.hewbert.com
# -----------------------------------------------------------
# ipfw evaluates rules in number order and the first terminal match wins,
# so the position of every rule below matters.
# lnc0 is the external (Internet-facing) interface, xl0 is the LAN side.

# localhost --:
add 00010 allow ip from any to any via lo0            # loopback
add 00020 deny log ip from any to 127.0.0.0/8         # loopback spoofing on any other interface

# Allow all LAN traffic.
# 00100: 65.168.153.170 is presumably this host's own external address.
# Note that "via lnc0" matches both directions, so this also admits packets
# arriving on lnc0 that claim that address as their source.
add 00100 allow ip from 65.168.153.170 to any via lnc0
add 00150 allow ip from any to any via xl0

# Spoofing: private source addresses must never arrive on the external interface.
# (The original line read "deny log 192.168.0.0/8 from any to any": it lacked the
# protocol keyword, and /8 would have covered all of 192.0.0.0/8. The private
# block is 192.168.0.0/16; 10.0.0.0/8 and 172.16.0.0/12 are not covered here.)
add 00160 deny log ip from 192.168.0.0/16 to any via lnc0

# External services --:
add 00250 allow tcp from any to any 21 in             # Allow FTP
add 00300 allow tcp from any to any 22 in             # Allow SSH externally
add 00305 allow tcp from any to any 80 in             # Allow HTTP externally
# Block auth (ident). A silent deny makes remote servers that do ident lookups
# wait for a timeout; "reset" instead of "deny" answers them immediately.
add 00400 deny tcp from any to any 113 in

# Passive FTP: ftpd must be configured to hand out data ports in this range.
add 00450 allow tcp from any to any 41000-51000 in
# "established" matches any TCP packet with RST or ACK set; no state is kept,
# so this is not a substitute for keep-state.
add 00500 allow tcp from any to any established       # Allow established connections

# Outbound rules --:
add 00600 allow ip from any to any out

# -------/ ISP/DNS Stuff /-------
# Replies from the ISP resolvers. A port can only be matched for tcp or udp,
# so the original "ip ... 53" rules are written as udp (DNS answers); TCP
# answers are already covered by rule 00500.
add 00700 allow udp from 209.159.192.7 53 to any in
add 00750 allow udp from 209.159.192.6 53 to any in
add 00800 allow udp from 209.104.63.240 53 to any in
add 00850 allow udp from 209.104.63.241 53 to any in
add 00900 allow icmp from 209.159.192.7 to any in recv lnc0
add 00905 allow icmp from 209.159.192.6 to any in recv lnc0
add 00910 allow icmp from 209.104.63.240 to any in recv lnc0
add 00915 allow icmp from 209.104.63.241 to any in recv lnc0
# Any UDP at all from these two hosts, not just port 53.
add 00920 allow udp from 209.159.231.231 to any in
add 00930 allow udp from 206.107.155.245 to any in
# -------------------------------

# Log netbus for entertainment
add 01000 deny log tcp from any to any 12345 in recv lnc0
add 01005 deny log tcp from any to any 20034 in recv lnc0

# And of course. Rule 65535 is the kernel's built-in default rule and cannot
# be added or replaced, so the explicit catch-all goes just below it.
add 65534 deny log ip from any to any
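The mistakes corrected above (a missing protocol keyword, a port qualifier on an "ip" rule, and an attempt to add the reserved rule 65535) are all visible before the file is ever loaded. The following linter is an added example, not part of the original rules file and not an ipfw tool; it assumes the classic "add <num> <action> [log] <proto> from <src> [port] to <dst> [port] ..." form and that 65535 is ipfw's reserved default rule, and the ORIGINAL/CORRECTED samples inside it are constructed from the lines above.

```python
"""First-pass static checks for an ipfw(8) rule file.

Added example (hypothetical helper, not an ipfw utility). Assumes rules are
written as "add <num> <action> [log [logamount N]] <proto> from <src> [port]
to <dst> [port] ..." and that 65535 is the kernel's reserved default rule.
"""
import re
from typing import List, Optional, Tuple

DEFAULT_RULE = 65535
PROTOS = {"ip", "all", "tcp", "udp", "icmp"}
PORT_PROTOS = {"tcp", "udp"}
ACTIONS = {"allow", "accept", "pass", "permit", "deny", "drop",
           "reset", "reject", "unreach", "count", "skipto", "check-state"}
PORT_SPEC = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")


def parse_rule(line: str) -> Optional[Tuple[int, str, Optional[str], List[str]]]:
    """Split an 'add ...' line into (number, action, proto, remaining tokens).

    Trailing '#' comments are stripped; lines that are not 'add' commands
    (comments, blank lines, other ipfw commands) return None.
    """
    body = line.split("#", 1)[0].strip()
    if not body.startswith("add "):
        return None
    tok = body.split()
    number, action = int(tok[1]), tok[2]
    i = 3
    if i < len(tok) and tok[i] == "log":          # optional "log [logamount N]"
        i += 1
        if i < len(tok) and tok[i] == "logamount":
            i += 2
    proto = tok[i] if i < len(tok) else None
    return number, action, proto, tok[i + 1:]


def _port_after(tokens: List[str], keyword: str) -> Optional[str]:
    """Return the port spec following 'from <addr>' or 'to <addr>', if any."""
    if keyword in tokens:
        k = tokens.index(keyword)
        if k + 2 < len(tokens) and PORT_SPEC.match(tokens[k + 2]):
            return tokens[k + 2]
    return None


def lint(rules_text: str) -> List[Tuple[int, str]]:
    """Return (rule number, problem) pairs; an empty list means no findings."""
    findings = []
    last = 0
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        number, action, proto, rest = parsed
        if number == DEFAULT_RULE:
            findings.append((number, "65535 is the built-in default rule; use a lower number"))
        if number <= last:
            findings.append((number, "rule number not increasing; first-match order is not what the file suggests"))
        last = number
        if action not in ACTIONS:
            findings.append((number, f"unknown action {action!r}"))
        if proto not in PROTOS:
            findings.append((number, f"expected protocol keyword after action, got {proto!r}"))
        for side in ("from", "to"):
            port = _port_after(rest, side)
            if port and proto not in PORT_PROTOS:
                findings.append((number, f"port {port} on a {proto!r} rule; ports need tcp or udp"))
    return findings


# Constructed sample: the three defective lines as they stood in the original file.
ORIGINAL = """\
add 00160 deny log 192.168.0.0/8 from any to any via lnc0
add 00700 allow ip from 209.159.192.7 53 to any in
add 65535 deny log ip from any to any
"""

# Constructed sample: the same three lines after correction.
CORRECTED = """\
add 00160 deny log ip from 192.168.0.0/16 to any via lnc0
add 00700 allow udp from 209.159.192.7 53 to any in
add 65534 deny log ip from any to any
"""

if __name__ == "__main__":
    for number, msg in lint(ORIGINAL):
        print(f"rule {number:05d}: {msg}")
    print("corrected sample:", lint(CORRECTED) or "clean")
```

Running it against the whole file (`lint(open("/etc/ipfw.rules").read())`) is a cheap check before `ipfw -f flush` and a reload; it does not replace `ipfw -n` style syntax checking, but it catches ordering and protocol mistakes that ipfw itself will happily accept or report only one at a time.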