Date:      Sun, 2 Sep 2001 21:14:11 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Keith Spencer <bsd2000au@yahoo.com.au>
Cc:        fbsd <freebsd-questions@FreeBSD.ORG>
Subject:   Re: ipfilter firewall...how to?
Message-ID:  <20010902205845.Q506-100000@cactus.fi.uba.ar>
In-Reply-To: <20010902225212.29432.qmail@web12006.mail.yahoo.com>

On Mon, 3 Sep 2001, Keith Spencer wrote:

> Hi all,
> I have followed a tute on building a solid firewall.
> (Schlacter's) It was a great tute but too specific to
> a machine. dhcp etc. How can I get some quick and
> dirty info on how to hack the conf files (rules) to
> get the darn thing to work when I don't know the DHCP
> server ip and/or using a static ip as well as other
> stuff?

What do you need? Allow DHCP through the firewall? Configure the public
interface of the firewall using DHCP?

For the latter you need to add the following rules to your ipfilter conf file:

# DHCP request: client port 68 to server port 67
pass out quick on <if> proto udp from 0/32 port = 68 to any port = 67
# DHCP reply: server port 67 back to client port 68
pass in quick on <if> proto udp from any port = 67 to any port = 68

To use a dynamic IP, use 0/32, which means "whatever IP the interface has".
For example, the following rule allows outgoing ssh:

pass out quick on tun0 proto tcp from 0/32 to any port = 22 flags S keep state


			Fer


> Thanks Keith
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
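
The rules from the reply above placed in a default-deny ruleset, as an added example that is not part of the original message. It assumes the DHCP-configured external interface is named fxp0 (a hypothetical name) and uses "from any" on the DHCP request rule because the first DISCOVER is sent with source 0.0.0.0, before the interface has an address.

```conf
# Constructed example, not from the original message.
# Assumption: fxp0 is the DHCP-configured external interface.

# Default policy for the external interface. These rules have no "quick",
# so they only decide the packet when no later rule matches
# (ipf applies the last matching rule unless a "quick" rule ends the search).
block in on fxp0 all
block out on fxp0 all

# DHCP client traffic: requests leave from UDP port 68 to server port 67.
pass out quick on fxp0 proto udp from any port = 68 to any port = 67
# Replies come back from server port 67 to client port 68.
pass in quick on fxp0 proto udp from any port = 67 to any port = 68

# Outgoing ssh from whatever address the interface currently has (0/32, as
# described in the message). "flags S keep state" creates a state entry on
# the initial SYN, so return packets pass without a separate "pass in" rule.
pass out quick on fxp0 proto tcp from 0/32 to any port = 22 flags S keep state
```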

