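#!/bin/sh
#
# Packet-filter setup with ipfwadm: masquerade the 192.168.1.0/24 network
# and block outside access (via ppp0) to the server on TCP port 224.
#
# I trust ipfwadm port blocking more than my IP checking code and think
# that having two methods of stopping nasty people is better than one.
# I hope you do the same. You can add these lines to your /etc/rc.d/rc.local
# (or equivalent script):
#
#   /sbin/ipfwadm -I -f          # This will clear all rules, only do this
#                                # if this is your only rule.
#   /sbin/ipfwadm -I -p accept   # By default let everything through
#   /sbin/ipfwadm -I -a deny -W ppp0 -P tcp -D 0.0.0.0/0 224
#
# The example above uses "deny" (drop silently), while the live rule at the
# bottom of this script uses "reject" (drop and answer with an ICMP error).
# Either one keeps the port closed.
#
# Aside from telling you how to stop people on the outside from getting at
# the server you can read the code and inform me of any bugs you find.

# Forwarding chain. The default policy is set to reject BEFORE the old rules
# are flushed, so there is no moment where the chain is empty while an
# earlier, more permissive default policy is still in force.
/sbin/ipfwadm -F -p reject
/sbin/ipfwadm -F -f

# Masquerade traffic from the 192.168.1.0/24 network to any destination.
# Nothing else is forwarded: the default policy above rejects it.
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

# Input chain: reject TCP packets to port 224 that arrive on ppp0.
# The input chain is not flushed here (other rules may live in it), so each
# run of this script appends another copy of this rule.
/sbin/ipfwadm -I -a reject -W ppp0 -P tcp -D 0.0.0.0/0 224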