Date: Mon, 9 Oct 2000 20:07:44 -0500
From: "Robert Banniza" <robert@terminus.rootprompt.net>
To: <freebsd-stable@FreeBSD.ORG>
Subject: RE: ipf vs. ipfw ?
Message-ID: <NCBBJOFDILAPLLGMNBONIEHJCOAA.robert@terminus.rootprompt.net>
In-Reply-To: <20001009195054.A73207@elvis.mu.org>

Guys,

I know this may be a little off topic considering this is the "stable" mailing list, but for those that need help with setting up a firewall using ipfw, I have created a HOWTO on the subject including the rules that I used at the time. The URL is http://www.rootprompt.net/freebsd_firewall.html. I have taken quite a bit from the FreeBSD community and I thought I would give back by creating something that would have/did help me out. Enjoy...

Robert

-----Original Message-----
From: owner-freebsd-stable@FreeBSD.ORG [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of David Drum
Sent: Monday, October 09, 2000 7:51 PM
To: freebsd-stable@FreeBSD.ORG
Subject: Re: ipf vs. ipfw ?

Quoth Gerhard Sittig:

> BTW: Did anyone miss the possibility to use (shell like) variables
> in ipf rules, too? Is there someone who did something to achieve this?

It isn't pretty, but I use:

    firewall_type="/etc/ipfw.conf"
    firewall_flags="-p/etc/ipfw.preproc.sh -DIP=1.2.3.4"

in /etc/rc.conf. Then, /etc/ipfw.preproc.sh contains:

    #!/bin/sh
    cpp -P $@ | grep '[a-z]'

The grep suppresses blank lines that would otherwise confuse ipfw. Last but not least, /etc/ipfw.conf looks like this:

    add deny ip from IP to any in
    add allow icmp from any to IP icmptype 0,3,8,11
    add allow icmp from IP to any

etc. I've only provided a few rules as an example. ipfw -a list gives:

    0300 0 0 deny ip from 1.2.3.4 to any in
    1900 0 0 allow icmp from any to 1.2.3.4 icmptype 0,3,8,11
    2000 0 0 allow icmp from 1.2.3.4 to any

Regards,

David Drum
david@mu.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
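An added example, not part of either message above: a lint pass over the output of the cpp step, run before the rules are handed to ipfw. It catches the failure mode where a `-D` definition is missing and a macro name such as `IP` survives as a literal token in a rule. The function and sample names are hypothetical, the sample rules are constructed from the ones quoted in the message, and the check assumes macros are written in capitals.

```shell
#!/bin/sh
# Added example (not from the original thread). Intended use, with the
# preprocessor pipeline from the message feeding the linter:
#   cpp -P -DIP=1.2.3.4 /etc/ipfw.conf | grep '[a-z]' | lint_ipfw_rules

# lint_ipfw_rules: read preprocessed rules on stdin, print one finding per
# problem, return 0 when the ruleset is clean and 1 otherwise.
# Assumption: macro names are ALL CAPS, so any all-caps token left in a rule
# is a macro that cpp was never given a definition for.
lint_ipfw_rules() {
    awk '
        NF == 0 { printf "line %d: blank line\n", NR; bad = 1; next }
        /^#/    { printf "line %d: preprocessor residue: %s\n", NR, $0; bad = 1; next }
        $1 != "add" { printf "line %d: not an add rule: %s\n", NR, $0; bad = 1; next }
        {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[A-Z_][A-Z0-9_]*$/) {
                    printf "line %d: unexpanded macro %s: %s\n", NR, $i, $0
                    bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: what the pipeline emits when -DIP=1.2.3.4 is passed.
sample_expanded() {
    cat <<'EOF'
add deny ip from 1.2.3.4 to any in
add allow icmp from any to 1.2.3.4 icmptype 0,3,8,11
add allow icmp from 1.2.3.4 to any
EOF
}

# Constructed sample: the same rules when the -D flag was left out.
sample_missing_define() {
    cat <<'EOF'
add deny ip from IP to any in
add allow icmp from any to IP icmptype 0,3,8,11
add allow icmp from IP to any
EOF
}

# Demo: the second ruleset is rejected with one finding per rule.
sample_missing_define | lint_ipfw_rules || echo "ruleset rejected"
```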