From owner-freebsd-questions  Mon Jan 22 11: 5:34 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from spitfire.randys.org (unknown [63.207.239.22])
	by hub.freebsd.org (Postfix) with ESMTP id 37A7337B404
	for <freebsd-questions@FreeBSD.ORG>; Mon, 22 Jan 2001 11:05:16 -0800 (PST)
Received: from 192.168.100.2 (digime [192.168.100.2])
	by spitfire.randys.org (8.11.1/8.11.1) with ESMTP id f0MJ4sJ02138;
	Mon, 22 Jan 2001 11:04:57 -0800 (PST)
	(envelope-from freebsd@randys.org)
Date: Mon, 22 Jan 2001 11:04:58 -0800
From: randy // fBSD <freebsd@randys.org>
Subject: Re: Auto Startup
To: Igor Vieira Debacker <igor@viamax.com.br>
Cc: freebsd-questions@FreeBSD.ORG
X-Priority: 3
In-Reply-To: <003b01c084aa$4a8152f0$502ca8c0@MMDSC.COM.BR>
Message-ID: <20010122110458-r01010600-cb01cddd@192.168.100.2>
MIME-Version: 1.0
Content-Type: text/plain; Charset=US-ASCII
X-Mailer: Mailsmith 1.1.6 (Bluto)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 1/22/01,  Igor Vieira Debacker wrote:

> Greetings,
> 
> Every time i re-start my freeBSD i need to type this line
> 
> kldload ipwf --> to start the firewall
> 
> and then i need to re-type the rulez...
> 
> how can i make it do it by itself.. 
> 
> i used to know in slackware.. but in FreeBSD it is different...
> 
> thanx in advance
> 
> 

I'm no expert, but I think you need to compile the ipfw into the kernel so that it
loads at boot then create a config file with all your rules in it.

kernel stuff:
options IPFIREWALL
options IPFIREWALL_VERBOSE # for logging
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT

then you need to add some stuff to your rc.conf file:
firewall_enable="YES"
firewall_script="/etc/firewall/fwrules" #file for rules
natd_enable="YES"

That's the general idea...here are a couple of links to get you started:
Firewall using PPP but I'm sure could be used/modified for your specific purposes
http://www.freebsd.org/tutorials/dialup-firewall/index.html

http://www.defcon1.org/html/NATD-config/firewall-setup/ipfw-1.html

Hope that helps a bit...you prolly want to do this all in console...or you could
potentially lock yourself out.

-randy
==========================================
                        freebsd@randys.org
                       spitfire.randys.org

For-pay Internet distributed processing.
http://www.ProcessTree.com/?sponsor=11087 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message