Date: Mon, 3 Sep 2001 11:49:00 +1000 (EST)
From: Keith Spencer <bsd2000au@yahoo.com.au>
To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>, Keith Spencer <bsd2000au@yahoo.com.au>
Cc: fbsd <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfilter firewall...how to?
Message-ID: <20010903014900.6124.qmail@web12003.mail.yahoo.com>
In-Reply-To: <20010902205845.Q506-100000@cactus.fi.uba.ar>

Hi Fernando et al,
Thanks for that..I presume therefore that for a tun0 iface and a static ip, it would be instead of 0/32

pass out quick on <tun0> proto udp from 203.56.200.253 port = 68 to any port = 67
pass in quick on <tun0> proto udp from any port = 68 to any port = 67

Would this be correct??
What about samba connections to the machine from outside??
Is this just too risky? Any way to allow it safely?
Thanks for that!!!

--- Fernando Gleiser <fgleiser@cactus.fi.uba.ar> wrote:
> On Mon, 3 Sep 2001, Keith Spencer wrote:
>
> > Hi all,
> > I have followed a tute on building a solid firewall.
> > (Schlacter's) It was a great tute but too specific to
> > a machine. dhcp etc. How can i get some quick and
> > dirty info on how to hack the conf files (rules) to
> > get the darn thing to work when I don't know the DHCP
> > server ip and/or using a static ip as well as other
> > stuff
>
> What do you need? Allow DHCP through the firewall?
> Configure the public interface of the firewall using DHCP?
>
> For the latter you need to add the following rules to your ipfilter conf file:
>
> pass out quick on <if> proto udp from 0/32 port = 68 to any port = 67
> pass in quick on <if> proto udp from any port = 68 to any port = 67
>
> To use a dynamic IP, use 0/32 which means "whatever IP the interface has"
> For example, the following rule allows outgoing ssh:
>
> pass out quick on tun0 proto tcp from 0/32 to any port = 22 flags S keep state
>
>
> Fer
>
> > Thanks Keith