IpFw

Simple but nice firewall. Good reading.

How to create a port forward

The rule below forwards requests arriving on port 232 (via en0) to localhost port 5111

ipfw add fwd localhost,5111 tcp from any to any 232 via en0

Diverting a port using snort

The rule below diverts TCP traffic to port 80 to a divert socket on port 8080 (which snort can read from).

ipfw add 0010 divert 8080 tcp from any to any 80

NOTE : sysctl net.link.ether.bridge_ipfw=1 (this value enables the snort divert)

Common Attack Prevention

# XMAS tree

ipfw add 00011 deny log tcp from any to any in tcpflags fin,psh,urg recv em0

# NULL scan (no flag set at all)

ipfw add 00012 deny log tcp from any to any in tcpflags !fin,!syn,!rst,!psh,!ack,!urg recv em0

# SYN flood (SYN,FIN)

ipfw add 00013 deny log tcp from any to any in tcpflags syn,fin recv em0

# Stealth FIN scan (FIN,RST)

ipfw add 00014 deny log tcp from any to any in tcpflags fin,rst recv em0

# forced packet routing

ipfw add 00015 deny log ip from any to any in ipoptions ssrr,lsrr,rr,ts recv em0

# ACK scan (ACK,RST)

ipfw add 00016 deny log tcp from any to any in tcpflags ack,rst recv em0

# deny fragments as bogus packets

ipfw add 00017 deny log all from any to any frag in via em0
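To see what the tcpflags rules above actually match, here is an added Python example (not from this page and not ipfw's own code) that models the tcpflags semantics documented in ipfw(8): every listed flag must be set, every !flag must be clear, and flags not mentioned are ignored. It parses the five tcpflags rules above (copied as constructed input; the ipoptions and frag rules have no tcpflags clause and are left out), evaluates them in rule-number order as ipfw does, and classifies a few constructed packets. The packet names and sample flag sets are assumptions for illustration.

```python
# Models ipfw "tcpflags" matching for the anti-scan rules above.
# Added example; not part of the original page or of ipfw itself.
import re

TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# The page's own tcpflags rules, copied verbatim as constructed input.
RULES = [
    "ipfw add 00011 deny log tcp from any to any in tcpflags fin,psh,urg recv em0",
    "ipfw add 00012 deny log tcp from any to any in tcpflags !fin,!syn,!rst,!psh,!ack,!urg recv em0",
    "ipfw add 00013 deny log tcp from any to any in tcpflags syn,fin recv em0",
    "ipfw add 00014 deny log tcp from any to any in tcpflags fin,rst recv em0",
    "ipfw add 00016 deny log tcp from any to any in tcpflags ack,rst recv em0",
]

RULE_RE = re.compile(r"^ipfw add (\d+) (\w+) .*?\btcpflags (\S+)")


def parse_rule(line):
    """Return (rule number, action, flags that must be set, flags that must be clear)."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError("no tcpflags clause: " + line)
    num, action, spec = m.groups()
    must_set, must_clear = set(), set()
    for tok in spec.split(","):
        name = tok.lstrip("!")
        if name not in TCP_FLAGS:
            raise ValueError("unknown TCP flag: " + tok)
        (must_clear if tok.startswith("!") else must_set).add(name)
    return int(num), action, frozenset(must_set), frozenset(must_clear)


def matches(rule, packet_flags):
    """ipfw semantics: listed flags must be set, !flags must be clear, others are ignored."""
    _, _, must_set, must_clear = rule
    flags = set(packet_flags)
    return must_set <= flags and not (must_clear & flags)


def first_match(rules, packet_flags):
    """Rules are walked in ascending number order; the first hit decides (or None)."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if matches(rule, packet_flags):
            return rule[0], rule[1]
    return None


PARSED = [parse_rule(r) for r in RULES]

# Constructed sample packets: the flag sets a scanner or a normal client would send.
SAMPLES = {
    "xmas":        {"fin", "psh", "urg"},
    "all-flags":   set(TCP_FLAGS),          # every flag lit; unlisted flags are don't-care
    "null":        set(),                   # no flags at all
    "syn-fin":     {"syn", "fin"},
    "normal-syn":  {"syn"},                 # ordinary connection attempt
    "normal-data": {"psh", "ack"},          # ordinary data segment
    "rst-ack":     {"rst", "ack"},
}


def classify_all():
    """Map each sample packet name to the (rule number, action) that first matches it."""
    return {name: first_match(PARSED, flags) for name, flags in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_all().items():
        print(f"{name:12s} -> {hit if hit else 'no tcpflags rule matched; falls through'}")
```

Two things this makes visible: a packet with every flag set is caught by rule 00011 (the XMAS rule) even though it also satisfies 00013, because unlisted flags do not have to be clear and the lowest-numbered match wins; and ordinary SYN or PSH/ACK segments fall through all five rules, so the deny rules do not interfere with normal traffic.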
ipfw.txt · Last modified: 2010/09/08 16:43 by k2patel