How to Add rules to IP Filter (Firewall in SCO)

Question

I need to add a rule (allow any to any port 22) to my firewall, so that I can ssh remotely into my machine.

I have had a look in the SCO OSR600 Documentation and I cannot find anything in there.

Update

I have managed to enable ipfstat:

#ipfstat enable

And now my firewall is active, I just need to add rules now.

But where do I find the rules text file?

I am currently looking for the ipf config file, but can't find it. — Kevdog777, Jul 26 '12 at 12:45

tombolinux · Accepted Answer · 2012-07-29T21:03:36.537

2

Probably the rule, should be:

pass  in   quick proto tcp  from any  to any port = 22 keep state 
pass  out  quick proto tcp  from any  to any port = 22 keep state

in /etc/ipf.conf

edited Jul 29 '12 at 21:03

answered Jul 29 '12 at 20:54

tombolinux

Do you think I should try the same but for like port 80 and 81 as well? Or is that already included (default)? - I haven't tried adding the rules, just got into work now. – Kevdog777 Jul 30 '12 at 07:40
I just tried going in to the `/etc/ipf.conf` file, and it says it is a new file. I did this in both my user and root profile. – Kevdog777 Jul 30 '12 at 07:49
1

AWESOME, thank you, it has worked ... FINALLY!!! – Kevdog777 Jul 30 '12 at 08:11
I think that you, like me in the past, need a firewall editor. I suggest you to use fwbuilder http://www.fwbuilder.org/ – tombolinux Jul 31 '12 at 16:18
But is that just a GUI or can I use a terminal to edit the firewall too? – Kevdog777 Aug 01 '12 at 09:03
Also, what does the `quick`, in adding the port, mean? – Kevdog777 Aug 01 '12 at 09:05
1

fwbuilder is a gui client for windows or linux. It helps you to generate the configuration for your firewall, then you can upload it to your server via sftp. – tombolinux Aug 01 '12 at 09:30

score 1 · Answer 2 · answered Jul 28 '12 at 18:41

1

Would think you add them the same as you would with iptables. Here is a quick doc on IPF though. http://www.freebsd.org/doc/handbook/firewalls-ipf.html

answered Jul 28 '12 at 18:41

stlsaint

Thank you for your answer, but that site is for FreeBSD, and OK it might help a bit, but reading through that gave me a headache in the first place. – Kevdog777 Jul 30 '12 at 07:57

2 Answers2