Date:      Wed, 22 Aug 2001 06:11:21 +0100
From:      "Martin Schweizer" <info@pc-service.ch>
To:        "Radoslav Vasilev" <rvasilev@uni-svishtov.bg>
Cc:        <freebsd-stable@freebsd.org>
Subject:   Re: IPFirewall
Message-ID:  <004b01c12aca$35be2a20$6502a8c0@server>
References:  <20010819201824.A330@pc-service.ch> <002f01c128ec$30492f20$52ad44c1@DECKLAND>

Hello Radoslav

I'm testing...

Thank you.

Regards,
Martin

--
PC-Service M. Schweizer
Gewerbehaus Schwarz
CH-8608 Bubikon
Tel: 055 243 30 00
Fax: 055 243 33 22
www.pc-service.ch

----- Original Message -----
From: "Radoslav Vasilev" <rvasilev@uni-svishtov.bg>
To: "Martin Schweizer" <info@pc-service.ch>
Sent: Sunday, August 19, 2001 9:19 PM
Subject: Re: IPFirewall


>
> > - rc.conf: Do I need an entry for starting? If yes, which?
> from man rc.conf you have:
>
> firewall_enable
>                    (bool) Set to NO if you do not want have firewall rules
>                    loaded at startup, or YES if you do.  If set to YES, and
>                    the kernel was not built with IPFIREWALL, the ipfw kernel
>                    module will be loaded.  See also ipfilter_enable.
> Whether compiled or not the kernel with IPFIREWALL option, setting
> firewall_enable="YES" will do the work
>
> > - After these steps I can't connect over my ppp dialup to the Internet.
> > After I set "ipfw add allow all from any to any" it works. Why that?
>
> Well, so you have default-to-deny firewall.
> Putting allow from any to any is senseless (at least ipfw is supposed to
> filter on some basis)
> Look in /etc/rc.firewall about some start filter rules. Or you can just
> put (change it later!!!):
> ipfw add XXX allow ip from YOU.IP.HE.RE to any via "ppp*" keep-state
> (well, too rude indeed)
>
> > - If I reboot all my rules are blown away. How can I make them resistant?
>
> Again from rc.conf manual:
> firewall_script
>                    (str) If you want to run a firewall script other than
>                    /etc/rc.firewall, set this variable to the full path to
>                    that script.
> Wondering about the format of the scriptfile? Take a look at
> /etc/rc.firewall. So, you have
> firewall_script="YES" /* again in the /etc/rc.conf
>
>
>
> > - If I want to allow all from my freebsd-box to outside and all deny from
> > outside to my freebsd-box, which rule is correct (" ipfw add allow all from
> > localhost to any" won't work? Why?
>
> It depends on your network/subnetwork masks/ & address
> ipfw add XXX allow ip from mynet/mask to any (all services for your lan
> machines)
> ipfw add YYY deny ip from not mynet/mask to mynet/mask
>
> After all, just check out man ipfw
>
>
>
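
The three answers quoted above (default-to-deny kernel, rules lost on reboot, outbound allowed while inbound is denied) combined into one rules script, as an added example that is not part of the original thread. The path /usr/local/etc/ipfw.rules, the interface tun0 and the rule numbers are assumptions; the ipfw keyword `me` stands in for the hard-coded address in the reply, since a dial-up address changes.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /usr/local/etc/ipfw.rules, with these two lines in /etc/rc.conf:
#   firewall_enable="YES"
#   firewall_script="/usr/local/etc/ipfw.rules"
IPFW=${IPFW:-/sbin/ipfw}
OIF=${OIF:-tun0}    # assumed dial-up interface (user-mode ppp)

# Print the ruleset, one ipfw argument list per line.
build_rules() {
    case $1 in
        # refuse anything that is not a plain interface name
        ''|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 2 ;;
    esac
    cat <<EOF
flush
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 check-state
add 400 allow ip from me to any out via $1 keep-state
add 65000 deny ip from any to any
EOF
}

# Feed each line to ipfw; stop at the first rule that fails to load.
apply_rules() {
    rules=$(build_rules "$1") || return 2
    while read -r args; do
        # $args is unquoted on purpose so it splits into arguments
        "$IPFW" -q $args || return 1
    done <<EOF
$rules
EOF
}

# Load the rules where ipfw exists; elsewhere just print them for review.
if [ -x "$IPFW" ]; then
    apply_rules "$OIF"
else
    build_rules "$OIF"
fi
```

Rule 400 creates a dynamic entry for each outbound flow and rule 300 matches the replies against those entries, so unsolicited inbound packets fall through to the explicit deny at 65000 whether or not the kernel defaults to deny.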


