Date:      Wed, 19 Jan 2000 22:03:15 -0700
From:      Brendan Conoboy <synk@swcp.com>
To:        freebsd-security@freebsd.org
Cc:        freebsd-config@freebsd.org
Subject:   ipf/ipfw/nat rc patch, rule generator
Message-ID:  <20000119220315.A7210@inago.swcp.com>

Hi everybody,

A couple weeks ago I promised people I'd write a patch that integrates
ipf into FreeBSD's startup scripts.  Here's what it does:

Rearranges some things in rc.conf (relative to freebsd-current from a
couple days ago, cvs tag in the diff), adding a number of features.

Rewrites rc.firewall to:

  1) Use either ipf, ipfw, some third party program, or nothing at all

  2) Auto-generate a sensible rule list, if configured to do so in rc.conf

Creates rc.nat, the nat equivalent of rc.firewall

rc.nat also generates a sensible rule list, if configured to do so.

Updates rc.network to work with the new system

Two additional files are introduced, /etc/nat.conf and /etc/firewall.conf.
This is where the associated rules are stored.  This is a change from the
ipfw configuration being stored in the middle of rc.firewall.

In order to not bog down the list, you can download the patch at:

http://www.swcp.com/~synk/ipfmerge.patch

All feedback would be much appreciated.  I'd really like this to go into
FreeBSD 4.0, or have something resembling this to go in.

-Brendan (synk@swcp.com)

