Date: Thu, 29 Mar 2001 17:18:36 +0200 From: "Florian Bartels" <f-bartels@web.de> To: freebsd-questions@FreeBSD.ORG Subject: Re: rc.firewall vs. ipfw Message-ID: <20010329171835.B415@mercury.localnet> In-Reply-To: <01Mar29.110404est.115354@gateway.intersys.com>; from bojar@intersys.com on Thu, Mar 29, 2001 at 11:02:28AM -0500 References: <01Mar29.110404est.115354@gateway.intersys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
E. Jordan Bojar (bojar@intersys.com) wrote: > OK, last stupid question of the week, I hope. I'm setting up a single box > on a hosting rack I don't own, and I want to lock it down best I can. I > just want to let SSH, HTTP, and SMTP in for now. > > I understand how to do it with ipfw, but I assume those settings are lost in > the case of accidental reboot, right?. If so, is the syntax for editing > rc.firewall any different than ipfw? > > The "client" vs "simple" distinction also confuses me a tad, as I'm neither > protecting a netowrk behind me nor do I have a network I trust in front, so > neither of these prebuilts really work for me. Can I just have rc.firewall > reference another file with ipfw rules, or replace it altogether with this? You can set the firewall script in /etc/rc.conf e.g <snip> firewall_enable="YES" # Set to YES to enable firewall # functionality firewall_script="/etc/firewall/fwall" # Which script to run to set up the # firewall </snip> In this shell script (by you) you can set your own firewall/ipfw rules. -- //.......................................................................// //Florian Bartels <f-bartels@web.de><f-bartels@uni.de> // // <Power-two@gmx.de><f-bartels@extended.de> // Not quite human any longer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010329171835.B415>