Understanding the default firewall rules

Post your general questions or comments about GhostBSD here!
security_lover
Posts: 69
Joined: Thu Apr 22, 2021 9:54 am

Understanding the default firewall rules

Post by security_lover »

Code:

sudo ipfw list
Password:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 allow ip from any to any
Starting from 00600 and ending at 01000, what are these "allow" rules for?
Why is 65535 allowed?

I read here >> https://www.speedguide.net/port.php?port=65535. It says "trojans".

Under Linux I was using "deny all incoming" "allow all outgoing". I was using ufw to manage iptables.
I am paranoid about security !
nevets
Posts: 149
Joined: Tue Jun 23, 2020 3:54 am

Re: Understanding the default firewall rules

Post by nevets »

Hi,
My understanding (I'm no specialist) is that the rules are configured "open outgoing".
IPFW uses sequential rules (numbered) to trap the events it describes.
Each rule is applied in order. Thus the first rule applies to lo0.
The last rule at position 65535 is rule number 65535, not port 65535.
Please read up on the IPFW page of the freebsd handbook at:
https://docs.freebsd.org/en/books/handb ... -ipfw.html
Steve
security_lover
Posts: 69
Joined: Thu Apr 22, 2021 9:54 am

Re: Understanding the default firewall rules

Post by security_lover »

Okay let's try to learn this together until an expert replies.
The last rule at position 65535 is rule number 65535, not port 65535.
The first one is 00100, then it's 00200, and then finally the rule number reaches position 10, which is 01000.

So the next rule after 01000 should be 01100. Not 65535.

You understand my point?
I am paranoid about security !
security_lover
Posts: 69
Joined: Thu Apr 22, 2021 9:54 am

Re: Understanding the default firewall rules

Post by security_lover »

You are right, it's not the port number, it's the rule number. Unless people read the man page they will be confused.
Bottom line: rule number 65535 is unavoidable.

I found the answer here: https://www.freebsd.org/cgi/man.cgi?que ... ease-ports
A ruleset always includes a default rule (numbered 65535) which cannot be
modified or deleted, and matches all packets. The action associated with
the default rule can be either deny or allow depending on how the kernel
is configured.
This person had the same worry:
https://forums.freebsd.org/threads/free ... ipt.65615/
I am paranoid about security !
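A small Python walk-through of what nevets and the quoted man page describe (first-match evaluation in rule-number order, ending at the unremovable default rule 65535 whose action depends on the kernel build), added here as an illustration and not code from any post or from GhostBSD. It replays the exact ruleset security_lover listed; the interface name em0 and the sample addresses are constructed for the demo.

```python
import ipaddress
from collections import namedtuple

RULESET = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 allow ip from any to any"""
# The same ruleset on a kernel built so that the default rule denies instead of allows.
CLOSED_RULESET = RULESET.replace("65535 allow", "65535 deny")

# iface "em0" is a constructed NIC name for this demo; use "lo0" for loopback traffic.
Packet = namedtuple("Packet", "proto src dst iface icmp6type", defaults=("em0", None))

def parse_rule(line):
    """Parse one 'ipfw list' line: NUM ACTION PROTO from SRC to DST [via IF] [icmp6types T,..]"""
    tok = line.split()
    rule = {"num": int(tok[0]), "action": tok[1], "proto": tok[2],
            "src": tok[4], "dst": tok[6], "via": None, "icmp6types": None}
    for key, val in zip(tok[7::2], tok[8::2]):
        if key == "via":
            rule["via"] = val
        elif key == "icmp6types":
            rule["icmp6types"] = {int(t) for t in val.split(",")}
    return rule

def addr_match(spec, addr):
    # "any" matches all; an IPv4 address never falls inside an IPv6 prefix (and vice versa)
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(pkt, ruleset=RULESET):
    """Walk rules in numeric order and return (number, action) of the first hit, as the kernel does."""
    for r in (parse_rule(l) for l in ruleset.splitlines()):
        if (r["proto"] in ("ip", pkt.proto)
                and r["via"] in (None, pkt.iface)
                and addr_match(r["src"], pkt.src) and addr_match(r["dst"], pkt.dst)
                and (r["icmp6types"] is None or pkt.icmp6type in r["icmp6types"])):
            return r["num"], r["action"]
    raise RuntimeError("unreachable: rule 65535 matches every packet")

if __name__ == "__main__":  # constructed sample traffic
    print(first_match(Packet("tcp", "203.0.113.5", "192.0.2.10")))  # (65535, 'allow')
    print(first_match(Packet("udp", "203.0.113.5", "127.0.0.1")))   # (200, 'deny')
```

Rule numbers are only sort keys with gaps left for later insertions, which is why 01000 is followed directly by 65535; swapping the default rule's action (CLOSED_RULESET) turns the same list into "deny everything not explicitly allowed" while the loopback and ICMPv6 neighbour-discovery rules keep working.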