---

Jeg er ved at sætte en firewall op og køre med nedenstående firewall
(FreeBSD med ipfw og ingen NAT). Jeg har problemer med FTP for alting går
frygteligt langsomt og er ustabilt (både ved passiv og aktiv FTP).
Jeg har post, web og nameserver på maskinen.

/etc/rc.firewall:

${fwcmd} -f flush

# The vital SSH connection
${fwcmd} add 1000 allow tcp from any to me 22
${fwcmd} add 1100 allow tcp from me 22 to any

${fwcmd} add 3000 deny log all from any to 0.0.0.0/8 via xl0
${fwcmd} add 3100 deny log all from any to 10.0.0.0/8 via xl0
${fwcmd} add 3200 deny log all from any to 169.254.0.0/16 via xl0
${fwcmd} add 3300 deny log all from any to 172.16.0.0/12 via xl0
${fwcmd} add 3400 deny log all from any to 192.0.2.0/24 via xl0
${fwcmd} add 3500 deny log all from any to 192.168.0.0/16 via xl0
${fwcmd} add 3600 deny log all from any to 224.0.0.0/4 via xl0
${fwcmd} add 3700 deny log all from any to 240.0.0.0/4 via xl0

# Check the state and reject late and fragged packets
${fwcmd} add 4000 check-state
${fwcmd} add 5000 allow tcp from any to any established out via xl0
${fwcmd} add 5100 deny log tcp from any to any established
${fwcmd} add 5200 deny log all from any to any frag

# Incoming to firewall/server
${fwcmd} add 6000 allow tcp from any to me 21,25,80,110 keep-state setup
${fwcmd} add 6100 allow udp from any 53,123 to me keep-state

# Outgoing from firewall/server
${fwcmd} add 7000 allow log tcp from me 20 to any keep-state setup
${fwcmd} add 7100 allow log udp from me to any 53 keep-state

# Deny and log the rest
${fwcmd} add 60000 deny log tcp from any to any 135,445
${fwcmd} add 61000 deny log udp from any to any 135-139
${fwcmd} add 65000 deny log all from any to any

Ser det rigtigt ud?