Date:      Sun, 19 Aug 2001 19:43:54 +0100
From:      Dominic Marks <dominic_marks@btinternet.com>
To:        Martin Schweizer <info@pc-service.ch>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: IPFirewall
Message-ID:  <20010819184355.2724460E@host213-123-129-118.in-addr.btopenworld.com>
In-Reply-To: <20010819201824.A330@pc-service.ch>
References:  <20010819201824.A330@pc-service.ch>

Hi,

On Sunday 19 August 2001 7:18 pm, you wrote:
> Hello
>
> I want to use IPFirewall on my freebsd4.3-box. I read the handbook (chapter
> 9.7.3 and following) and I also set the kernel options and re-compiled the
> kernel. My questions:
> - rc.conf: Do I need an entry for starting? If yes, which?

Yes. See man rc.conf and /etc/defaults/rc.conf for listings on what options 
are available. (NOTE: Do not edit /etc/defaults/rc.conf).

> - After these steps I can't connect over my ppp dialup to the Internet.
> After I set "ipfw add allow all from any to any" it works. Why that?

Your firewall is set to deny by default.

> - If I reboot all my rules are blown away. How can I make them resistant?

Make your own firewall configuration file, e.g. /etc/my.firewall, and then set 
your rules in that (it should be a shell script). Examine /etc/rc.firewall for 
inspiration, or use one of the standard settings predefined for you in 
/etc/rc.firewall.

> - If I want to allow all from my freebsd-box to outside and deny all from
> outside to my freebsd-box, which rule is correct ("ipfw add allow all from
> localhost to any" won't work)? Why?

localhost is not what you think it is. Literally localhost means the IP 
address 127.0.0.1. In this role it is not literally your computer but your 
computer's loopback interface, which can only send and receive to and from 
itself.

You should use the 'me' keyword (see man 8 ipfw) to represent your machine.

eg: ipfw add allow all from me to any

>
> Thank you in advance.

HTH

-- 
Dominic
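
An added example, not part of the original message and not FreeBSD's own /etc/rc.firewall: one way the /etc/my.firewall script suggested above could implement "allow everything out, deny everything in". With a deny-by-default firewall a bare "allow ... from me to any" only passes the outgoing packets, so the example pairs it with keep-state/check-state to let the replies back in. The rule numbers, the load_rules function and the dry-run fallback are assumptions of this example.

```shell
#!/bin/sh
# /etc/my.firewall -- constructed example ruleset (not from the thread).
#
# To load it at boot, set in /etc/rc.conf (never /etc/defaults/rc.conf):
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall"

# load_rules CMD: install the ruleset using CMD as the ipfw command.
# Passing "echo ipfw" prints the commands instead of applying them.
load_rules() {
    fwcmd="$1"

    # Start from an empty ruleset so reloading never stacks duplicates.
    ${fwcmd} -f flush

    # Loopback: 127.0.0.1 is only valid on lo0. The same addresses
    # showing up on any other interface are bogus and get dropped.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # Replies to traffic this host started match a dynamic rule here.
    ${fwcmd} add 400 check-state

    # 'me' matches any address configured on this machine, including
    # the ppp link. keep-state creates the dynamic rule for the replies.
    ${fwcmd} add 500 allow ip from me to any keep-state

    # Everything else (unsolicited traffic from outside) is dropped,
    # explicitly rather than relying on the kernel's default rule.
    ${fwcmd} add 65000 deny ip from any to any
}

# Apply for real where ipfw exists; elsewhere do a dry run.
if [ -x /sbin/ipfw ]; then
    load_rules "/sbin/ipfw -q"
else
    load_rules "echo ipfw"
fi
```

Run it once by hand from the console before relying on it at boot: flushing rules over a remote session can cut that session off.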
