Date:      Sat, 31 Jan 2004 18:53:00 +0100
From:      Peder Blom <dion@bredband.net>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: where am I supposed to put my rc.firewall?
Message-ID:  <20040131185300.3ced93f6.dion@bredband.net>
In-Reply-To: <401BCEBB.90001@mac.com>
References:  <200401301846.52757.ecrist@adtechintegrated.com> <401AFCBB.1010300@mac.com> <200401301947.54492.ecrist@adtechintegrated.com> <20040131153521.1d660315.peder.blom@bredband.net> <401BCEBB.90001@mac.com>

On Sat, 31 Jan 2004 10:50:19 -0500
Chuck Swiger <cswiger@mac.com> wrote:

> Peder Blom wrote:
> [ ... ]
> > Add this to your rc.conf: (instead of firewall_type=...):
> > firewall_script="/etc/grog.firewall"
> > 
> > See /etc/defaults/rc.conf !
> 
> While I won't speak against looking at /etc/defaults/rc.conf, setting 
> firewall_type works fine; see the end of /etc/rc.firewall:
> 
> *)
>          if [ -r "${firewall_type}" ]; then
>                  ${fwcmd} ${firewall_flags} ${firewall_type}
>          fi
>          ;;
> 
> -- 
> -Chuck

Yes, that's the other way of doing it. The mentioning of scripts and the
fact that his file was in the form of a script made me assume that he
wanted to write his own script for setting up his firewall. On second
thought I realize that he might just as well want to do it your way and
define a set of rules to be read in by rc.firewall. (This might even be
the best solution.)

I've never done it this way, but in this case I assume that you just
define the rules in '/etc/ERICS_firewall', thus:

--------------
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
--------------

Using your suggestions for rc.conf, of course.

Is this correct?
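
An added example, not part of the original message or of FreeBSD's rc.firewall: a small sh/awk check for a rules file of the kind rc.firewall hands to ipfw when firewall_type names a readable file. It reports lines that repeat the `ipfw` command word and numbered rules that sit behind an unconditional accept; the function name lint_ipfw_rules is made up here, and only numbered `add` rules are examined.

```shell
#!/bin/sh
# lint_ipfw_rules [FILE] (hypothetical helper): read an ipfw rules file
# (or stdin) and print one finding per line. Returns 2 if FILE is unreadable.
lint_ipfw_rules() {
    [ $# -eq 0 ] || [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        $1 == "ipfw" {                           # file lines are arguments only
            print "line " NR ": starts with ipfw; the file holds only the arguments"
            next
        }
        $1 != "add" || $2 !~ /^[0-9]+$/ { next } # assumption: numbered add rules only
        {
            n++; num[n] = $2 + 0; line[n] = NR
            rest = $4
            for (j = 5; j <= NF; j++) rest = rest " " $j
            # allow/accept/pass/permit are synonyms; so are the protocols all/ip
            if ($3 ~ /^(allow|accept|pass|permit)$/ && rest ~ /^(all|ip) from any to any$/)
                if (!found || num[n] < open) { open = num[n]; found = 1 }
        }
        END {
            if (!found) exit
            print "rule " open ": accepts every packet that reaches it"
            # ipfw checks rules in number order, so anything numbered higher
            # than an unconditional accept is never evaluated
            for (k = 1; k <= n; k++)
                if (num[k] > open)
                    print "line " line[k] ": rule " num[k] " is never reached (after rule " open ")"
        }
    ' "$@"
}

if [ $# -gt 0 ]; then
    lint_ipfw_rules "$1"
else
    # Sample input: the four rules quoted in the message above.
    lint_ipfw_rules <<'EOF'
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
EOF
fi
```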



