galilao

Why doesn't this firewall work?

Hello:

I tried running this firewall at a restaurant with the IP address of 10.1.10.95, a router address of 10.1.10.1, and a subnet mask of 255.255.255.0, and it doesn't block when the VPN is disconnected. Can anybody tell me what is wrong with it?

Thank you

sudo sysctl -w net.inet.ip.fw.enable=0

sudo sysctl -w net.inet.ip.forwarding=0

sudo ipfw flush

sudo ipfw delete set 31

sudo sysctl -w net.inet.ip.fw.enable=1

sudo sysctl -w net.inet.ip.forwarding=0

sudo ipfw add 01200 allow ip from 10.1.0.0/16 to 37.235.51.133 keep-state

sudo ipfw add 01300 allow ip from 10.1.0.0/16 to 89.149.226.185 keep-state

sudo ipfw add 01400 allow ip from 10.1.0.0/16 to 46.165.208.65 keep-state

sudo ipfw add 01500 allow ip from 10.1.0.0/16 to 31.193.12.74 keep-state

sudo ipfw add 01600 allow ip from 10.1.0.0/16 to 31.193.12.98 keep-state

sudo ipfw add 01700 allow ip from 10.1.0.0/16 to 94.242.205.234 keep-state

sudo ipfw add 01800 allow ip from 10.1.0.0/16 to 95.211.169.3 keep-state

sudo ipfw add 01900 allow ip from 10.1.0.0/16 to 85.17.123.26 keep-state

sudo ipfw add 02000 allow ip from 10.1.0.0/16 to 95.211.191.33 keep-state

sudo ipfw add 02100 allow ip from 10.1.0.0/16 to 62.212.85.65 keep-state

sudo ipfw add 02200 allow ip from 10.1.0.0/16 to 95.211.98.154 keep-state

sudo ipfw add 02300 allow ip from 10.1.0.0/16 to 178.248.30.131 keep-state

sudo ipfw add 02400 allow ip from 10.1.0.0/16 to 198.15.111.162 keep-state

sudo ipfw add 02500 allow ip from 10.1.0.0/16 to 108.59.11.194 keep-state

sudo ipfw add 02600 allow ip from 10.1.0.0/16 to 108.59.8.147 keep-state

sudo ipfw add 02800 allow ip from 10.1.0.0/16 to 69.163.36.66 keep-state

sudo ipfw add 03000 allow ip from 127.0.0.1 to any

sudo ipfw add 05000 allow log ip from 10.0.0.0/8 to any

sudo ipfw add 05100 allow log ip from any to 10.0.0.0/8

sudo ipfw add 65534 deny log ip from any to any

Hello:

I tried running this firewall at a restaurant with the IP address of 10.1.10.95, a router address of 10.1.10.1, and a subnet mask of 255.255.255.0, and it doesn't block when the VPN is disconnected. Can anybody tell me what is wrong with it?

Hello!

In this case the firewall will not block anything because of the following lines:

sudo ipfw add 05000 allow log ip from 10.0.0.0/8 to any

sudo ipfw add 05100 allow log ip from any to 10.0.0.0/8

which must be replaced in any case with the proper AirVPN IP ranges.

Please see https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2935&Itemid=142#4481

Kind regards
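
Added example, not part of the original posts and not AirVPN's code: a simplified first-match evaluator in Python that walks the posted rules in number order, the way ipfw does, to show which rule decides the fate of a packet leaving 10.1.10.95 when the VPN is down. It ignores keep-state and logging, copies only two of the VPN-server rules, uses the constructed documentation address 203.0.113.7 as the non-VPN destination, and its function names are hypothetical.

```python
import ipaddress

# Rules from the post, reduced to (number, action, source, destination).
# Only two of the VPN-server rules are copied; the others have the same shape.
RULES = [
    (1200, "allow", "10.1.0.0/16", "37.235.51.133"),
    (1300, "allow", "10.1.0.0/16", "89.149.226.185"),
    (3000, "allow", "127.0.0.1", "any"),
    (5000, "allow", "10.0.0.0/8", "any"),
    (5100, "allow", "any", "10.0.0.0/8"),
    (65534, "deny", "any", "any"),
]


def _matches(spec, addr):
    """True if addr falls inside the rule's address spec ('any', host or CIDR)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def first_match(src, dst, rules=RULES):
    """Return (rule number, action) of the first rule that matches the packet."""
    for number, action, rule_src, rule_dst in sorted(rules):
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return number, action
    return None  # not reached here: rule 65534 matches everything


def without(rules, *numbers):
    """Copy of the ruleset with the given rule numbers taken out."""
    return [rule for rule in rules if rule[0] not in numbers]


if __name__ == "__main__":
    host = "10.1.10.95"      # the poster's address on the restaurant LAN
    outside = "203.0.113.7"  # constructed non-VPN destination
    vpn = "37.235.51.133"    # VPN server from rule 01200

    # As posted: the LAN address is inside 10.0.0.0/8, so rule 5000 allows it.
    print("as posted, non-VPN dst:", first_match(host, outside))
    # With 5000/5100 taken out, the same packet reaches the deny rule.
    trimmed = without(RULES, 5000, 5100)
    print("5000/5100 removed, non-VPN dst:", first_match(host, outside, trimmed))
    # Traffic to the VPN server is still allowed by rule 1200.
    print("5000/5100 removed, VPN server:", first_match(host, vpn, trimmed))
```

The trimmed ruleset only shows where the decision is made; the replacement rules with the AirVPN IP ranges come from the linked post and are not reproduced here.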
