Date:      Sat, 31 Jan 2004 14:04:46 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Peder Blom <dion@bredband.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: where am I supposed to put my rc.firewall?
Message-ID:  <401BFC4E.3090104@mac.com>
In-Reply-To: <20040131185300.3ced93f6.dion@bredband.net>
References:  <200401301846.52757.ecrist@adtechintegrated.com> <401AFCBB.1010300@mac.com> <200401301947.54492.ecrist@adtechintegrated.com> <20040131153521.1d660315.peder.blom@bredband.net> <401BCEBB.90001@mac.com> <20040131185300.3ced93f6.dion@bredband.net>

Peder Blom wrote:
> I've never done it this way, but in this case I assume that you just
> define the rules in  '/etc/ERICS_firewall', thus:
> 
> --------------
> add 100 pass all from any to any via lo0
> add 200 deny all from any to 127.0.0.0/8
> add 300 deny ip from 127.0.0.0/8 to any
> add 600 allow all from any to any
> --------------
> 
> Using your suggestions for rc.conf, of course.
> 
> Is this correct?

Exactly.  And then you add a preprocessor like cpp, and you can define:

####
# set these to your inside interface network and netmask and ip

#define IIF fxp0
#define INET 10.1.1.0/24
#define IIP 10.1.1.1
[ ...OIF info snipped... ]

# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535

# basic stuff
add 100 pass all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny ip from 127.0.0.0/8 to any
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF

...and go from there.

-- 
-Chuck
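As an added example (not part of this thread), a small Python checker that approximates the cpp-style object-like macro expansion Chuck describes and flags macros referenced but never defined: cpp passes an unknown identifier through unchanged, so a rule would then name a literal `ONET` or `OIF` instead of the intended network or interface. The ruleset below is constructed from the quoted snippet; the `OIF` value is an assumption (its definition was snipped in the message) and `ONET` is deliberately left undefined to show what the checker reports.

```python
import re

# Constructed sample modelled on the cpp-style rules file quoted above.
# OIF is assumed to be xl0 (its definition was snipped in the message);
# ONET is deliberately left undefined to show what the checker reports.
SAMPLE_RULES = """\
# set these to your inside interface network and netmask and ip
#define IIF fxp0
#define INET 10.1.1.0/24
#define IIP 10.1.1.1
#define OIF xl0
# basic stuff
add 100 pass all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny ip from 127.0.0.0/8 to any
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF
"""

DEFINE_RE = re.compile(r"^#define\s+(\w+)\s+(\S+)\s*$")
MACRO_RE = re.compile(r"\b[A-Z][A-Z0-9_]+\b")  # all-caps names, as the macros are written here


def expand_rules(text):
    """Approximate cpp object-like macro expansion for an ipfw rules file.
    Returns (rules, undefined, unused): the expanded rule lines, macro names
    used but never defined, and macro names defined but never used."""
    macros, rules, used, undefined = {}, [], set(), set()

    def substitute(match):
        name = match.group(0)
        if name in macros:
            used.add(name)
            return macros[name]
        undefined.add(name)  # cpp leaves an unknown identifier untouched
        return name

    for raw in text.splitlines():
        line = raw.strip()
        m = DEFINE_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        if not line or line.startswith("#"):
            continue  # blank line or '#' comment
        rules.append(MACRO_RE.sub(substitute, line))
    return rules, sorted(undefined), sorted(set(macros) - used)


def ruleset_is_clean(text):
    """True only when every macro referenced in the rules is defined."""
    return not expand_rules(text)[1]
```

Run it over the real rules file before handing the file to ipfw; a non-empty `undefined` list means a rule would load with a literal macro name in it.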



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?401BFC4E.3090104>