@juev
Created June 3, 2017 13:10
#!/bin/sh
# Stateful ipfw ruleset for a FreeBSD host with one LAN interface (vtnet0) and a VPN tunnel (tun0):
# everything out via the LAN is allowed with state, only SSH and IKE are accepted inbound,
# the VPN interface is unrestricted, and everything else is denied and logged.
# Flush out the list before we begin
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"
lan="vtnet0"
skip="skipto 500" # Only needed once the natd rules at 500/510 below are enabled
$cmd 00010 allow all from any to any via lo0 # No restrictions on Loopback Interface
# $cmd 00015 divert natd ip from any to any in via $lan # NAT any inbound packets
# Allows the packet through if it matches an existing entry in the dynamic rules table
$cmd 00020 check-state
# Allow all outbound connections. No "setup" here: that option matches only TCP packets with SYN set,
# so "all ... setup" would have let out TCP only and silently dropped outbound UDP (DNS) and ICMP.
$cmd 00030 allow all from any to any out via $lan keep-state
$cmd 00040 allow all from any to any via $vpn # Allow any connection to/from VPN interface
$cmd 00050 allow tcp from any to me 22 in via $lan setup limit src-addr 2 # Allow inbound SSH, max 2 states per source
# Allow inbound IKE (udp/500) for the VPN, max 2 states per source. "setup" is a TCP-flag match and
# never matches UDP, so with it this rule could never fire; plain "limit" creates the state instead.
$cmd 00060 allow udp from any to me 500 in via $lan limit src-addr 2
$cmd 00100 deny log all from any to any in via $lan # Deny and log all other inbound on the LAN interface
$cmd 00499 deny log all from any to any # Everything else is denied and logged
# skipto location for outbound stateful rules when natd is enabled. Rule 499 denies unconditionally,
# so to use these, rule 30 must become "$cmd 00030 $skip all from any to any out via $lan keep-state"
# (and rule 15 be enabled); otherwise nothing ever reaches 500.
# $cmd 00500 divert natd ip from any to any out via $lan
# $cmd 00510 allow ip from any to any
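A static check for rule scripts written in the "$cmd NNNNN action [log] proto from ..." shape of the gist, added here as an example and not part of the gist. The function name `lint_ipfw_rules` and the sample rule file are constructed for the example; the two checks are the failure modes seen in the original rules 30 and 60 (a TCP-only option on a non-TCP rule) and in the commented rules 500/510 (rules numbered after an unconditional deny).

```shell
#!/bin/sh
# Static lint for rule scripts in the "$cmd NNNNN action [log] proto from ..." shape above.
# Two checks, each a real failure mode of that shape:
#  1. A TCP-only option (setup, established, tcpflags) on a rule whose proto is not tcp.
#     ipfw evaluates TCP flags only on TCP packets, so "udp ... setup" never matches and
#     "all ... setup" matches only TCP SYNs, whatever the rule's comment promises.
#  2. A rule numbered above the lowest unconditional "deny all from any to any": never reached.
# Prints one finding per line; returns 1 when anything was found, 0 when the script is clean.
lint_ipfw_rules() {
    _findings=$(awk '
        /^[[:space:]]*\$cmd[[:space:]]+[0-9]+[[:space:]]/ {
            sub(/#.*$/, "")                      # drop trailing comment, re-split fields
            num = $2 + 0; action = $3; seen[num] = 1
            j = 4                                 # proto follows the action ...
            if ($j == "log") j++                  # ... and an optional "log"
            if ($j == "logamount") j += 2         # ... with optional "logamount N"
            proto = $j
            for (i = j + 1; i <= NF; i++)
                if (($i == "setup" || $i == "established" || $i == "tcpflags") && proto != "tcp")
                    printf "rule %05d: %s with proto %s never matches non-TCP traffic\n", num, $i, proto
            # unconditional catch-all: "deny [log] all from any to any" with nothing after it
            if (action == "deny" && proto == "all" && NF == j + 4 &&
                $(j+1) == "from" && $(j+2) == "any" && $(j+3) == "to" && $(j+4) == "any" &&
                (!catchall || num < catchall))
                catchall = num
        }
        END {
            if (catchall)
                for (n in seen) if (n + 0 > catchall)
                    printf "rule %05d: unreachable, numbered after catch-all deny %05d\n", n, catchall
        }' "$1")
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Constructed sample holding the two suspect rules from the gist plus an unreachable one;
# on a real host you would point lint_ipfw_rules at the rule script itself.
sample=$(mktemp)
printf '%s\n' '$cmd 00030 allow all from any to any out via $lan setup keep-state' \
              '$cmd 00060 allow udp from any to me 500 in via $lan setup limit src-addr 2' \
              '$cmd 00499 deny log all from any to any' \
              '$cmd 00510 allow ip from any to any' > "$sample"
lint_ipfw_rules "$sample" || echo "ruleset needs attention"
rm -f "$sample"
```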