From: Sam Carleton <scarleton@miltonstreet.com> To: freebsd-questions@freebsd.org Subject: ipfw is not working Message-ID: <38C9D32F.E8F2254A@miltonstreet.com>
next in thread | raw e-mail | index | archive | help
I am working on building a firewall script. First off, I have a
ipchains script that is working fine in Linux, is there some way to
eaily convert that over to ipfw? Here is the ipfw script I have so far,
real simple in my option:
-----------------------------------------
############
# Setup system for firewall service.
if [ -f /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
elif [ -f /etc/rc.conf ]; then
. /etc/rc.conf
fi
############
# Set quiet mode if requested
if [ "x$firewall_quiet" = "xYES" ]; then
fwcmd="/sbin/ipfw -q"
else
fwcmd="/sbin/ipfw"
fi
EXTERNAL_INTERFACE="ep0" # whichever you use
LOOPBACK_INTERFACE="lo0"
LOCAL_INTERFACE_1="ex0" # whichever you use
IPADDR="10.226.46.56/29"
LOCALNET_1="192.168.0.0/24" # whatever private range you use
LOOPBACK="127.0.0.0/8"
############
# Flush out the list before we begin.
$fwcmd -f flush
$fwcmd add 100 pass all from any to any via ${LOOPBACK_INTERFACE}
$fwcmd add 200 deny all from any to ${LOOPBACK}
$fwcmn add deny all from ${LOCALNET_1} to any in via
${EXTERNAL_INTERFACE}
$fwcmn add deny all from ${IPADDR} to any in via ${LOCAL_INTERFACE_1}
$fwcmd add 65000 pass all from any to any
-----------------------------------------
Here is the output:
-----------------------------------------
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
add: not found
add: not found
65000 allow ip from any to any
-----------------------------------------
I cannot figure out what is wrong the two deny lines that have the
output "add: not found". What am I doing wrong?
Sam Carleton
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38C9D32F.E8F2254A>