Date:      Mon, 12 Aug 2013 15:38:52 +0200
From:      CeDeROM <cederom@tlen.pl>
To:        freebsd-stable@freebsd.org,  FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Subject:   9.2-RC1 rc.firewall workstation type and myservices
Message-ID:  <CAFYkXjm1e1iYzLa3jSS8gU86N7etZnYmhiKF6EZqTwbP2jBEUg@mail.gmail.com>

Hello :-)

I have just set up some service on 9.2-RC1. I want this service to be
available on the WAN, but I still want to have a stateful firewall running. I
am using the workstation firewall type and put the service port in
firewall_myservices. However, by default only TCP connections are
accepted, and I still need to serve UDP connections. Wouldn't it be more
convenient to change "TCP" into "IP" for the default firewall_myservices
and maybe add TCP and UDP for firewall_myservices_{tcp,udp}? Below is
the script part.

Best regards,
Tomek

        # Add permits for this workstations published services below
        # Only IPs and nets in firewall_allowservices is allowed in.
        # If you really wish to let anyone use services on your
        # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf
        #
        # Note: We don't use keep-state as that would allow DoS of
        #       our statetable.
        #       You can add 'keep-state' to the lines for slightly
        #       better performance if you feel that DoS of your
        #       workstation won't be a problem.
        #
        for i in ${firewall_allowservices} ; do
          for j in ${firewall_myservices} ; do
            ${fwcmd} add pass tcp from $i to me $j
          done
        done


-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
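
A dry-run sketch of the `firewall_myservices_{tcp,udp}` half of the proposal above, added here as an example; it is not part of the original message or of FreeBSD's rc.firewall. The variable names `firewall_myservices_tcp` and `firewall_myservices_udp` follow the proposal, while `valid_port`, `emit_rules`, `workstation_services` and the sample values are hypothetical, and `fwcmd` is set to `echo` so the rules are printed rather than loaded.

```shell
#!/bin/sh
# Added example: per-protocol service lists for the "workstation" type.
# Assumption: fwcmd echoes the command instead of calling /sbin/ipfw.
fwcmd="echo ipfw -q"

# Accept a port number or a low-high range within 1-65535.
# Service names are not handled in this sketch; anything else is rejected
# so an rc.conf value cannot smuggle extra words into the rule.
valid_port() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    lo=${1%-*}; hi=${1#*-}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print one pass rule per (source, port) pair for the given protocol.
# No keep-state, matching the state-table DoS note in the quoted script.
emit_rules() {
    proto=$1; sources=$2; ports=$3
    for i in $sources; do
        for j in $ports; do
            if valid_port "$j"; then
                ${fwcmd} add pass "$proto" from "$i" to me "$j"
            else
                echo "skipping invalid $proto port: $j" >&2
            fi
        done
    done
}

workstation_services() {
    # firewall_myservices stays TCP-only, as in the quoted script.
    emit_rules tcp "${firewall_allowservices}" \
        "${firewall_myservices} ${firewall_myservices_tcp}"
    emit_rules udp "${firewall_allowservices}" "${firewall_myservices_udp}"
}

# Constructed sample rc.conf values (not from the original message).
firewall_allowservices="192.0.2.0/24"
firewall_myservices="22"
firewall_myservices_tcp="8080"
firewall_myservices_udp="5060 bogus"

workstation_services
```
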
