Date: Wed, 22 Aug 2001 06:11:21 +0100
From: "Martin Schweizer" <info@pc-service.ch>
To: "Radoslav Vasilev" <rvasilev@uni-svishtov.bg>
Cc: <freebsd-stable@freebsd.org>
Subject: Re: IPFirewall
Message-ID: <004b01c12aca$35be2a20$6502a8c0@server>
References: <20010819201824.A330@pc-service.ch> <002f01c128ec$30492f20$52ad44c1@DECKLAND>

Hello Radoslav

I'm testing... Thank you.

Regards,

Martin
--
PC-Service M. Schweizer
Gewerbehaus Schwarz
CH-8608 Bubikon
Tel: 055 243 30 00
Fax: 055 243 33 22
www.pc-service.ch

----- Original Message -----
From: "Radoslav Vasilev" <rvasilev@uni-svishtov.bg>
To: "Martin Schweizer" <info@pc-service.ch>
Sent: Sunday, August 19, 2001 9:19 PM
Subject: Re: IPFirewall

>
> > - rc.conf: Do I need an entry for starting? If yes, which?
> from man rc.conf you have:
>
>      firewall_enable
>              (bool) Set to NO if you do not want have firewall rules
>              loaded at startup, or YES if you do.  If set to YES, and
>              the kernel was not built with IPFIREWALL, the ipfw kernel
>              module will be loaded.  See also ipfilter_enable.
> Whether or not the kernel is compiled with the IPFIREWALL option, setting
> firewall_enable="YES" will do the work
>
> > - After these steps I can't connect over my ppp dialup to the Internet. After
> > I set "ipfw add allow all from any to any" it works. Why that?
>
> Well, so you have a default-to-deny firewall.
> Putting allow from any to any is senseless (at least ipfw is supposed to
> filter on some basis)
> Look in /etc/rc.firewall about some start filter rules. Or you can just
> put (change it later!!!):
> ipfw add XXX allow ip from YOU.IP.HE.RE to any via "ppp*" keep-state
> (well, too rude indeed)
>
> > - If I reboot all my rules are blown away. How can I make them resistant?
>
> Again from rc.conf manual:
>      firewall_script
>              (str) If you want to run a firewall script other than
>              /etc/rc.firewall, set this variable to the full path to
>              that script.
> Wondering about the format of the scriptfile? Take a look at
> /etc/rc.firewall. So, you have
> firewall_script="YES" /* again in the /etc/rc.conf
>
> >
> > - If I want to allow all from my freebsd-box to outside and deny all from outside
> > to my freebsd-box, which rule is correct (" ipfw add allow all from localhost
> > to any" won't work? Why?
> >
> It depends on your network/subnetwork masks/ & address
> ipfw add XXX allow ip from mynet/mask to any (all services for your lan
> machines)
> ipfw add YYY deny ip from not mynet/mask to mynet/mask
>
> After all, just check out man ipfw
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
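
A ruleset for the last question in the thread (allow everything out from the box, deny unsolicited traffic in), as an added example that is not part of either message. The interface name ppp0, the rule numbers, the file name /etc/ipfw.rules and the helper names emit_rules and has_open_rule are assumptions made here; user-mode ppp uses a tunN interface instead.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ipfw rules file for a
# dial-up host: outbound traffic allowed statefully, everything else denied.
# Assumed names: interface ppp0, file /etc/ipfw.rules, rule numbers.
#
# Install:  sh this-script.sh ppp0 > /etc/ipfw.rules
# Persist across reboots in /etc/rc.conf:
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"   # rc.firewall loads a rules file by full path

emit_rules() {
    oif="${1:-ppp0}"    # outside interface (assumption; tunN for user-mode ppp)
    # 100-300: loopback handling, so local services keep working.
    # 400: check-state matches replies against dynamic rules made by rule 500.
    # 500: "me" is any address configured on this host, including the dynamic
    #      ppp address; "localhost" is 127.0.0.1 and never leaves via ppp,
    #      which is why "from localhost to any" matches nothing useful.
    # 65000: explicit, logged default deny for everything unsolicited.
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 check-state
add 500 allow ip from me to any out via ${oif} keep-state
add 65000 deny log ip from any to any
EOF
}

# Lint: succeed if stdin contains an unrestricted "allow ... from any to any",
# the rule that turns a default-deny firewall back into no firewall.
has_open_rule() {
    grep -Eq '^add( [0-9]+)? (allow|pass|permit|accept) (all|ip) from any to any$'
}

emit_rules "${1:-ppp0}"
```

Running `has_open_rule < /etc/ipfw.rules` before loading catches a leftover temporary allow-all rule like the one used for testing in the thread.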