Date:      Fri, 18 Aug 2000 21:57:36 +0200
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Re: ipfilter v. ipfw
Message-ID:  <20000818215736.U252@speedy.gsinet>
In-Reply-To: <002301c00946$67bd8c10$b8209fc0@marlowe>; from swb@grasslake.net on Fri, Aug 18, 2000 at 01:59:14PM -0500
References:  <000f01c00939$0dd7b480$b8209fc0@marlowe><Pine.BSF.4.21.0008181054250.90214-100000@harlie.bfd.com><20000818141256.A29131@pir.net> <14749.32249.842000.944007@jef-nt.mdacc.tmc.edu> <002301c00946$67bd8c10$b8209fc0@marlowe>

On Fri, Aug 18, 2000 at 13:59 -0500, Shawn Barnhart wrote:
> 
> While I'm creating a potential religious debate, does ipfilter
> allow you to output your rules in a format that enables them to
> be read in by ipf?  In other words, can you do ipf list > foo
> and then do ipf add -f foo ?

ipfstat's output visually fits how you write rules in your
config files.  And a quick test of

  ipfstat -in | ipf -I -Fa -f - -v

didn't give any error message.  But I admit I haven't activated
and tested the set (that's one of the advantages of having an
inactive set to fiddle with without bothering the installed
rules:).  And don't forget to handle "ipfstat -on", too.  NAT
state is something you don't want to keep, I guess. :)  And
although you can list it, I wouldn't know how to restore it -- but
I don't see a big point in trying to do so.

It turns out you want to develop a rule set with

  ipf -Fa
  while not satisfied; do
    echo whatever rule | ipf -f -
    # or
    edit rules; ipf -f rules
  done
  ( ipfstat -in; ipfstat -on; ) > rules

and use this (at boot time or when done fiddling) with

  ipf -Fa -f rules


And remember you can "experiment" (to some extent) with the
inactive set -- see the manpage for further help on -I and -s.

And use the info at /usr/src/contrib/ipfilter/rules as well as
the HowTo at http://www.obfuscation.org/ipf/ and its mirrors
(pir.net and others).


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
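The save / test-load / swap round-trip described in the reply above, written out as a small sh script (an added example, not code from the original post). It uses only the ipf and ipfstat flags the reply mentions (-in, -on, -I, -Fa, -f, -s); the IPF/IPFSTAT variables, the IPF_DEMO_RUN guard and the file names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: dump the active rule sets with ipfstat, test-load the
# result into the inactive set (ipf -I) and only swap it in (ipf -s)
# when that load reported no error. Command names come from IPF/IPFSTAT
# so the functions can be exercised with stubs. As the reply notes,
# ipfstat -in/-on prints rules only, so NAT and state tables are not
# part of what gets saved here.
IPF=${IPF:-ipf}
IPFSTAT=${IPFSTAT:-ipfstat}

# save_rules FILE: write the active inbound and outbound rules to FILE.
save_rules() {
    [ -n "$1" ] || return 2
    { "$IPFSTAT" -in && "$IPFSTAT" -on; } > "$1"
}

# stage_rules FILE: flush the inactive set and load FILE into it.
# Returns 2 if FILE is unreadable, otherwise ipf's own exit status.
stage_rules() {
    [ -r "$1" ] || return 2
    "$IPF" -I -Fa -f "$1"
}

# activate_rules FILE: stage FILE, then swap the sets only if staging
# succeeded. The previously active set becomes the inactive one, so
# running "ipf -s" once more is the rollback.
activate_rules() {
    stage_rules "$1" || return $?
    "$IPF" -s
}

# Only touch the live firewall when explicitly asked to (assumed guard).
if [ "${IPF_DEMO_RUN:-0}" = 1 ]; then
    save_rules /tmp/rules.saved && activate_rules /tmp/rules.saved
fi
```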

