Date:      Thu, 29 Mar 2001 17:18:36 +0200
From:      "Florian Bartels" <f-bartels@web.de>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: rc.firewall vs. ipfw
Message-ID:  <20010329171835.B415@mercury.localnet>
In-Reply-To: <01Mar29.110404est.115354@gateway.intersys.com>; from bojar@intersys.com on Thu, Mar 29, 2001 at 11:02:28AM -0500
References:  <01Mar29.110404est.115354@gateway.intersys.com>

E. Jordan Bojar (bojar@intersys.com) wrote:
> OK, last stupid question of the week, I hope.  I'm setting up a single box
> on a hosting rack I don't own, and I want to lock it down best I can.  I
> just want to let SSH, HTTP, and SMTP in for now.
> 
> I understand how to do it with ipfw, but I assume those settings are lost in
> the case of accidental reboot, right?  If so, is the syntax for editing
> rc.firewall any different than ipfw?
> 
> The "client" vs "simple" distinction also confuses me a tad, as I'm neither
> protecting a network behind me nor do I have a network I trust in front, so
> neither of these prebuilts really work for me.  Can I just have rc.firewall
> reference another file with ipfw rules, or replace it altogether with this?

You can set the firewall script in /etc/rc.conf, e.g.:
<snip>
firewall_enable="YES"            # Set to YES to enable firewall
                                 # functionality
firewall_script="/etc/firewall/fwall"  # Which script to run to set up the
                                       # firewall
</snip>

In this shell script (by you) you can set your own firewall/ipfw rules.

-- 
//.......................................................................//   
//Florian Bartels <f-bartels@web.de><f-bartels@uni.de>                   //
//                <Power-two@gmx.de><f-bartels@extended.de>              //
		     Not quite human any longer.
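
An added example, not part of the original message: one possible /etc/firewall/fwall for the box described in the question, admitting only inbound SSH, SMTP and HTTP. The rule numbers, the outbound, DNS and ICMP allowances, and the helper names fw_rules and fw_apply are assumptions.

```sh
#!/bin/sh
# /etc/firewall/fwall: added example, not from the original message.
# Inbound SSH, SMTP and HTTP only. Rule numbers and the outbound, DNS and
# ICMP allowances are assumptions; adjust them to the host's real needs.

IPFW="${IPFW:-/sbin/ipfw}"

# One line per ipfw invocation (arguments only), so the rule set can be
# reviewed or diffed before it is loaded.
fw_rules() {
    cat <<'EOF'
-f flush
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 210 deny ip from 127.0.0.0/8 to any
add 300 allow tcp from any to any established
add 400 allow tcp from any to me 22 setup
add 410 allow tcp from any to me 25 setup
add 420 allow tcp from any to me 80 setup
add 500 allow tcp from me to any setup
add 510 allow udp from me to any 53 keep-state
add 600 allow icmp from any to any icmptypes 0,3,8,11
add 65000 deny ip from any to any
EOF
}

# Feed each line to ipfw. -q keeps ipfw silent, so a flush run from an
# SSH session does not stall on output to a connection it just cut off.
fw_apply() {
    fw_rules | while read -r rule; do
        # Word splitting of $rule is intended: it holds ipfw's arguments.
        $IPFW -q $rule || echo "fwall: rule failed: $rule" >&2
    done
}

# Load the rules where ipfw exists; elsewhere just print them for review.
if [ -x "$IPFW" ]; then fw_apply; else fw_rules; fi
```

Because the script is named in firewall_script, the rules are reloaded at every boot, which answers the concern about losing hand-typed ipfw rules on reboot.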
