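#!/bin/sh
# Example ipfw script for FreeBSD, intended for an end host.
#
# Usage: <script> <addr> [iface]
#   $1  IP address of the interface in question (required)
#   $2  interface the rules are bound to; defaults to fxp0
#
# Exit status: 0 if every rule was added, 1 if any `ipfw add` failed,
# 2 on a usage error.
#
# Review notes on what this rule set does and does not cover:
#   - It is a deny-list. Only the ports named below are blocked; every other
#     port is decided by whatever rules follow and by the default rule, which
#     this script does not set.
#   - Rules match only packets addressed to $addr. Other addresses on the
#     host (aliases, IPv6) are not matched by these rules.
#   - `ipfw add` with a number that already exists adds a second rule with
#     that number, so re-running the script without deleting the old rules
#     duplicates them.

if [ "$#" -lt 1 ] || [ -z "$1" ]; then
  # Without an address the rules would be malformed ("... to  syslog ...").
  printf 'usage: %s <addr> [iface]\n' "${0##*/}" >&2
  exit 2
fi

addr=$1
iface=${2:-fxp0}
status=0

# deny_to_host NUM PROTO PORT
# Adds rule NUM denying PROTO traffic from anywhere to $addr:PORT via $iface.
# A failure is recorded in $status rather than aborting, so the remaining
# rules are still installed.
deny_to_host() {
  ipfw add "$1" deny "$2" from any to "$addr" "$3" via "$iface" || status=1
}

# block syslog to outside world (port looked up by service name)
deny_to_host 100 udp syslog

# block lpd
deny_to_host 200 tcp 515
deny_to_host 300 udp 515

# block X
# NOTE(review): 6000 is display :0 only; further displays listen on 6001 and up.
deny_to_host 400 tcp 6000

# block email, although this isn't necessary
deny_to_host 500 tcp 25

# block portmapper
deny_to_host 600 tcp 111
deny_to_host 700 udp 111

# block nfs
# NOTE(review): UDP only; NFS over TCP on 2049 is not covered by this rule.
deny_to_host 800 udp 2049

# block ftp access if necessary
#deny_to_host 900 tcp 21

# block web server access so it is local and only for testing
deny_to_host 1000 tcp 80

# snmp and traps
deny_to_host 1001 udp 161
deny_to_host 1002 udp 162

# sendmail submission port/paranoia as it binds to localhost
deny_to_host 1003 tcp 587

exit "$status"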