Listing 8: add.output
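#!/bin/sh
# add.output: append the output-chain accept rules with ipfwadm.
#
# Every rule below uses:
#   -O  output chain            -a accept  append an accept rule
#   -P  protocol                -V  address of the interface the packet uses
#   -S  source [port]           -D  destination [port]
#   -k  match only TCP packets that have the ACK bit set
# This file covers the output chain only; it does nothing for the input or
# forwarding chains.
IPFW="/sbin/ipfwadm"

# Assume eth0 is our trusted interface and take its IPv4 address from
# ifconfig. The sed expression must stay on a single line: a line break
# inside it makes sed reject the command and leaves TRUSTIF empty.
# The pattern expects the "inet addr:a.b.c.d" output format; an ifconfig
# that prints the address differently yields no match.
TRUSTIF=$(/sbin/ifconfig eth0 | sed -n -e 's/^[ ]*inet addr:\([0-9.]*\).*$/\1/p')

if [ -x "$IPFW" ]; then
  # Stop rather than install rules with a missing interface address: with
  # an empty value, -V would take the following option as its argument and
  # the rule would not mean what is written here.
  if [ -z "$TRUSTIF" ]; then
    printf '%s\n' "add.output: cannot determine the address of eth0; no rules added" >&2
    exit 1
  fi

  # Add output rule for me -> nameserver
  "$IPFW" -O -a accept -P udp -V "$TRUSTIF" -S 193.78.174.33 -D 193.78.174.34 53

  # Add output rule for nameserver -> Internet
  # (194.109.13.150 is presumably the external, masquerading address;
  # confirm against the rest of the configuration.)
  "$IPFW" -O -a accept -P udp -S 194.109.13.150 -D 0.0.0.0/0 53

  # Add output rule for Internet -> nameserver (masqueraded)
  # Only replies from source port 53 to port 53 on the nameserver pass.
  "$IPFW" -O -a accept -P udp -V "$TRUSTIF" -S 0.0.0.0/0 53 -D 193.78.174.34 53

  # Add output rule for local -> Internet
  "$IPFW" -O -a accept -P tcp -S 194.109.13.150 -D 0.0.0.0/0

  # Add output rules for FTP data connection
  # NOTE(review): the only property checked on the remote side is source
  # port 20, which the remote host picks itself, so as far as this chain is
  # concerned any host may open connections to ports 1024-65535 on both
  # clients. Passive-mode FTP or an FTP proxy removes the need for these
  # two rules.
  "$IPFW" -O -a accept -P tcp -S 0.0.0.0/0 20 -D 193.78.174.34 1024:65535
  "$IPFW" -O -a accept -P tcp -S 0.0.0.0/0 20 -D 193.78.174.35 1024:65535

  # Add output rules for Internet -> clients, ACK only !! (masqueraded)
  # -k keeps out packets without ACK, i.e. the initial SYN of a connection
  # opened from outside. It is a stateless check: a packet with ACK set is
  # accepted whether or not it belongs to a connection a client started.
  "$IPFW" -O -a accept -P tcp -k -S 0.0.0.0/0 -D 193.78.174.34
  "$IPFW" -O -a accept -P tcp -k -S 0.0.0.0/0 -D 193.78.174.35
fi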