Re: iptables

From: Steve Schofield (steve_at_bgeek.com)
Date: 08/31/03


To: <freebsd-newbies@freebsd.org>
Date: Sun, 31 Aug 2003 15:22:16 -0400

I use ipfilter as a loadable module in the /etc/rc.conf. It's loaded on
boot. For better perf, it's good to compile into the KERNEL, but heck, it
works, so I'm happy with the way it is. Do a Google search on IPFILTER or
IPFW (IPFW is built in, I think) to get more info.

# Put this in your /etc/rc.conf
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.conf"
ipfilter_flags="-Ds"
ipmon_enable="YES"
ipmon_flags="-Dn /var/log/firewall_logs"

Create a file called ipf.conf in the /etc/ directory.
Here are some sample rules I use.
To refresh a rule w/o rebooting, type in ipf -Fa -f /etc/ipf.conf

pass in quick on xl0 proto tcp from any to any port = 25 keep state
pass in quick on xl0 proto tcp from any to any port = 110 keep state
pass in quick on xl0 proto tcp from any to any port = 143 keep state
pass out quick proto tcp all keep state
block in log quick on xl0 proto tcp from any to any

----- Original Message -----
From: "Taulant Galimuna" <taulant@ipko.net>
To: <freebsd-newbies@freebsd.org>
Sent: Sunday, August 31, 2003 2:31 PM
Subject: iptables

> Hi!
> I just wanted to know if there's any "firewall" like iptables and ipchains
> (linux) on FreeBSD ??
>
> regards,
> Taulant
>
> _______________________________________________
> freebsd-newbies@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-newbies
> To unsubscribe, send any mail to "freebsd-newbies-unsubscribe@freebsd.org"
>

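A small evaluator for the rule subset posted above, added here as an illustration and not part of the original message: it reports which constructed sample packets the ruleset passes or blocks, and by which rule. It assumes ipf's stock behaviour of passing packets that match no rule (a kernel built with the IPFILTER_DEFAULT_BLOCK option blocks them instead) and models only the first packet of a connection, not the state table; `parse`, `decide` and `SAMPLES` are names made up for this example.

```python
import re

# Rules copied from the message above.
RULES = """\
pass in quick on xl0 proto tcp from any to any port = 25 keep state
pass in quick on xl0 proto tcp from any to any port = 110 keep state
pass in quick on xl0 proto tcp from any to any port = 143 keep state
pass out quick proto tcp all keep state
block in log quick on xl0 proto tcp from any to any
"""

# Covers only the subset of ipf syntax those rules use.
RULE_RE = re.compile(
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<log>log\s+)?(?P<quick>quick\s+)?"
    r"(?:on\s+(?P<iface>\S+)\s+)?(?:proto\s+(?P<proto>\S+)\s+)?"
    r"(?:all|from any to any(?:\s+port\s*=\s*(?P<port>\d+))?)(?P<state>\s+keep state)?")

def parse(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            m = RULE_RE.fullmatch(line)
            if m is None:
                raise ValueError("unsupported rule: " + line)
            rules.append(m.groupdict())
    return rules

def decide(rules, direction, iface, proto, dport=None, default="pass"):
    """Verdict for the first packet of a connection: (action, rule number or None).
    ipf keeps the last matching rule unless a matching rule says 'quick'."""
    verdict, hit = default, None  # assumption: kernel default policy is pass
    for n, r in enumerate(rules, 1):
        if (r["dir"] != direction
                or (r["iface"] and r["iface"] != iface)
                or (r["proto"] and r["proto"] != proto)
                or (r["port"] and int(r["port"]) != dport)):
            continue
        verdict, hit = r["action"], n
        if r["quick"]:
            break
    return verdict, hit

# Constructed sample packets: (direction, interface, protocol, destination port).
SAMPLES = [("in", "xl0", "tcp", 25), ("in", "xl0", "tcp", 22),
           ("in", "xl0", "udp", 53), ("in", "xl0", "icmp", None),
           ("out", "xl0", "tcp", 80)]

if __name__ == "__main__":
    ruleset = parse(RULES)
    for pkt in SAMPLES:
        action, n = decide(ruleset, *pkt)
        print(pkt, "->", action, "(rule %s)" % n if n else "(no rule matched, default)")
```

With the posted rules, inbound UDP and ICMP on xl0 match no rule, because the final block rule is limited to `proto tcp`, so their fate depends on the kernel's default policy.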