Date: Sat, 01 Mar 2003 11:19:31 -0500 From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net> To: freebsd-ipfw@freebsd.org Subject: Starting out with IPFW on 5.0 Message-ID: <200303011619.h21GJVtY071364@nic-naa.net>
next in thread | raw e-mail | index | archive | help
Hi,
I recently installed 5.0 on a set of boxes I'm deploying as part of an ISP.
I'd like to install packet filter rule sets on these.
I'm stumped by the change in device creation. In simpler times, MAKEDEV
wrapped the mknod(8) dirty work. This apparently isn't the case now.
So, from the 5.0 source (no cvsup), I've made the following changes to
GENERIC:
> # Firewall
> options IPFIREWALL #firewall
> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> options IPFIREWALL_FORWARD #enable transparent proxy support
> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> options IPFIREWALL_DEFAULT_TO_ACCEPT #use ipf to close, not open
>
> # Do not decrement the ttl, hide firewall from traceroute class tools
> options IPSTEALTH #support for stealth forwarding
This builds and runs, but there are no devices -- /dev/{ipauth,ipl,ipstate},
so I've missed substantial clue.
Pointers appreciated. These nodes actually aren't intended to anything other
than be hosts.
Thanks in advance,
Eric
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303011619.h21GJVtY071364>