[l008com]

Hi. I'm hoping I can get some help creating a rule set for an ipfw firewall on my server. I'll try and describe everything I need below, but I'm sure there will be some other questions that I'll need to answer (like i have no idea what ICMP IGMP even are?).
OK so of course I want all outgoing connections to be allowed, I want to be able to surf the web and connect to other server etc. Then of course I have a list of ports I need to open, but rather than list them all, we'll just say port 80, and ill just set up all the rest I need the same way. These are ports that I need anyone to be able to access from anywhere on the internet. Now, this server also runs a VPN, so clients connected via VPN will have an ip from 172.16.1.100-172.16.1.250 (but 172.16.1.* is specific enough for me) So I have a second smaller range of ports that I need to open, for services that I only want people that have VPN'ed in to be able to access. Now I kinda suck at firewall rules, I've tried a bunch of times and ever really been very successfull, so if there is something else I need that I haven't listed, please tell me cause if you assume I know about it, I don't!

Thanks!

[macroy]

its been a long time... but if I recall correctly, the syntax for ipfw is:

ipfw add deny/allow tcp/udp from <network/address> to <network/address> <port> <interface>

Thus, to allow port 80, it would be:

ipfw add allow tcp from any to <your address> 80 via eth0

Does that help? Also keep in mind that rules work top down, and once a rule matches, it no longer looks at the rest of the list.
Thus, you want to put the most general rules at the bottom. which is allow all to all and deny all from all.

You also want to log the denies so you can go back and troubleshoot:

ipfw add deny log udp/tcp from any to <network/address> <port>.

[l008com]

I think i figured out how to use apple's GUI finally. Its not very intuitive thats for sure, but I think i got a hang of it. But thaks.