Re: where am I supposed to put my rc.firewall?
From: Chuck Swiger (cswiger_at_mac.com)
Date: 01/31/04
- Previous message: Cordula's Web: "Re: Transferring the root filesystem to a ramdisk?"
- In reply to: Peder Blom: "Re: where am I supposed to put my rc.firewall?"
- Next in thread: Eric F Crist: "Re: where am I supposed to put my rc.firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 31 Jan 2004 14:04:46 -0500
To: Peder Blom <dion@bredband.net>
Peder Blom wrote:
> I've never done it this way, but in this case I assume that you just
> define the rules in '/etc/ERICS_firewall', thus:
>
> --------------
> add 100 pass all from any to any via lo0
> add 200 deny all from any to 127.0.0.0/8
> add 300 deny ip from 127.0.0.0/8 to any
> add 600 allow all from any to any
> --------------
>
> Using your suggestions for rc.conf, of course.
>
> Is this correct?
Exactly. And then you add a preprocessor like cpp, and you can define:
####
# set these to your inside interface network and netmask and ip
#define IIF fxp0
#define INET 10.1.1.0/24
#define IIP 10.1.1.1
[ ...OIF info snipped... ]
# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535
# basic stuff
add 100 pass all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny ip from 127.0.0.0/8 to any
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF
...and go from there.
-- 
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
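
A pre-load check for the cpp approach described in the message above, as an added example that is not part of the original post: a name that is never #defined passes through the preprocessor unchanged, so this flags ALL-CAPS tokens on rule lines that have no earlier #define. The function name check_macros, the interface fxp1 and the sample file are constructed here, and the check assumes macros are written in capitals as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): lint a cpp-style ipfw rules
# file before loading it, e.g. with: ipfw -p cpp /etc/ERICS_firewall
# Assumption: macro names are ALL-CAPS, as in the post; rule text is not.

# check_macros FILE
# Prints "LINE: NAME" for every ALL-CAPS token on a rule line that has no
# earlier "#define NAME ..." and returns 1 if any were found, else 0.
check_macros() {
    awk '
        # Remember each macro at the point it is defined (cpp only expands
        # a name after its #define, so order matters).
        $1 == "#define" && NF >= 2 { defined[$2] = 1; next }
        # Skip comments, other directives and blank lines.
        $1 ~ /^#/ || NF == 0 { next }
        {
            line = $0
            gsub(/[^A-Za-z0-9_]/, " ", line)   # split like identifiers
            n = split(line, tok, " ")
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^[A-Z][A-Z0-9_]*$/ && !(tok[i] in defined)) {
                    printf "%d: %s\n", NR, tok[i]
                    bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: OIF is defined (fxp1 is made up), ONET is not.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# inside and outside interfaces
#define IIF fxp0
#define INET 10.1.1.0/24
#define OIF fxp1
add 100 pass all from any to any via lo0
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF
EOF

if check_macros "$sample"; then
    echo "all macros defined"
else
    echo "undefined macro(s) listed above; fix before loading" >&2
fi
```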