Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Dec 2002 22:59:30 -0500
From:      "Asenchi" <asenchi@asenchi.com>
To:        "Gary D Kline" <kline@thought.org>, "FreeBSD Mailing List" <freebsd-questions@FreeBSD.ORG>
Subject:   RE: translation to ipfw?
Message-ID:  <MCBBIPCBOCKGABBHNNJCMEJAEKAA.asenchi@asenchi.com>
In-Reply-To: <20021215185246.GA18501@tao.thought.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Gary,

If you were to read this paper
(http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
 33pgs.) it would describe ipfw.  It will also do some comparisons w/
ipf vs. ipfw

I guess I didn't really translate, but I figure you should understand
the syntax and the idea behind the translation.

Thx,

Curt Micol

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Gary D Kline
Sent: Sunday, December 15, 2002 1:53 PM
To: FreeBSD Mailing List
Subject: translation to ipfw?




	Hi Folks,

	Can anybody translate the following ipf rules to ipfw for me?
	Given a few examples as a template, I should be able to
	handle the rest myself.

	According to some -security postings from 2000, the thought was
	that ipf was superior....  is this still the case?

	thanks in advance,

	gary



pass out quick on dc0 proto tcp from any to any keep state
pass out quick on dc0 proto udp from any to any keep state
pass out quick on dc0 proto icmp from any to any keep state
block out quick on dc0 all

# use next line if ISP uses DHCP
# pass in quick on dc0 proto udp from X.X.X.X/32 to any port = 68 keep
state

# Let in SSH on port 22
pass in quick on dc0 proto tcp from any to 216.231.43.140/32 port = 22
keep
state
pass in quick on dc0 proto udp from any to 216.231.43.140/32 port = 22
keep
state

.
.
.


# Let in FTP data connections
pass in quick on dc0 proto tcp from any to any port 7499 >< 8501
pass in quick on dc0 proto tcp from any to any port = 21

# Let pings return
pass in quick on dc0 proto icmp from any to 216.231.43.140/32
icmp-type
echo



--
   Gary Kline     kline@thought.org   www.thought.org     Public
service Unix


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MCBBIPCBOCKGABBHNNJCMEJAEKAA.asenchi>