Re: where am I supposed to put my rc.firewall?
From: Eric F Crist (ecrist_at_adtechintegrated.com)
Date: 01/31/04
- Previous message: Melvyn Sopacua: "Mysql socket security (Was: Re: i found something ugly about freeBSD)"
- In reply to: Chuck Swiger: "Re: where am I supposed to put my rc.firewall?"
- Next in thread: Peder Blom: "Re: where am I supposed to put my rc.firewall?"
- Reply: Peder Blom: "Re: where am I supposed to put my rc.firewall?"
To: Chuck Swiger <cswiger@mac.com>
Date: Fri, 30 Jan 2004 19:47:47 -0600

On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote:
> Eric F Crist wrote:
> > I'm trying to add IPFW support. Where do I put my rc.firewall so that it
> > gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but
> > neither seems to get read.
>
> Specify the location of your firewall script in /etc/rc.conf like so:
>
> firewall_enable='YES'
> firewall_type='/etc/ERICS_firewall'
> firewall_flags='-p /usr/bin/cpp'
>
> [ You might choose to use some other preprocessor... ]

Well, here's what I have now. I have a file in /etc called grog.firewall.
Its contents are:

    grog# more grog.firewall
    ipfw -f flush
    ipfw add 100 pass all from any to any via lo0
    ipfw add 200 deny all from any to 127.0.0.0/8
    ipfw add 300 deny ip from 127.0.0.0/8 to any
    ipfw add 600 allow all from any to any

In my /etc/rc.conf file, I have the following two entries pertaining to the
firewall:

    firewall_enable="YES"
    firewall_type="/etc/grog.firewall"

Now, this is a headless system, so I access it through the serial port. I
don't see any errors anywhere, but my ipfw show command, immediately after
boot, shows:

    65535 481 38684 deny ip from any to any

What have I done wrong?

-- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588
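
Added example, not part of the original message or of FreeBSD's own scripts: when ipfw(8) is given a ruleset pathname, which is how a file named in firewall_type is loaded, it reads each line as an ipfw argument list without the command name. The sketch below flags lines that repeat the `ipfw` word and prints the rules in file form; the function names `lint_ipfw_ruleset` and `strip_ipfw_prefix` are hypothetical.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from the thread).
# In `ipfw [flags] /path/to/file` mode, each line of the file is handed to
# ipfw as its arguments, so a line starts with a subcommand such as "add"
# or "flush" and does not repeat the command name.

# Print "file:lineno: text" for every rule line whose first word is ipfw
# (bare or with a path). Returns 0 if clean, 1 if any found, 2 if unreadable.
lint_ipfw_ruleset() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    awk -v f="$file" '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        $1 == "ipfw" || $1 ~ /\/ipfw$/ { printf "%s:%d: %s\n", f, NR, $0; bad = 1 }
        END { exit bad + 0 }
    ' "$file"
}

# Write the ruleset to stdout with any leading ipfw word removed.
strip_ipfw_prefix() {
    sed -E 's/^[[:space:]]*([^[:space:]]*\/)?ipfw[[:space:]]+//' "$1"
}

# Demo on the ruleset quoted in the message above.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
ipfw -f flush
ipfw add 100 pass all from any to any via lo0
ipfw add 200 deny all from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw add 600 allow all from any to any
EOF
    lint_ipfw_ruleset "$tmp" || echo "-- same rules in file form:"
    strip_ipfw_prefix "$tmp"
    rm -f "$tmp"
}
demo
```
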