RE: DHCP and the "SIMPLE" option in /etc/rc.firewall

From: JJB (Barbish3_at_adelphia.net)
Date: 07/30/04

    To: "James A. Coulter" <james.coulter@cox.net>, <freebsd-questions@freebsd.org>
    Date: Fri, 30 Jul 2004 09:19:49 -0400
    
    

    The handbook Firewall section has been rewritten.

    It's temporarily available from www.a1poweruser.com/FBSD_firewall/
    as the Doc group works to sanitize the English.
    It incorporates the long-awaited solution to
    getting ipfw + natd + stateful rules to function together,
    as well as OpenBSD pf firewall which is scheduled to become
    the third built-in firewall software solution delivered with
    the FreeBSD install when 5.x ever makes it to the stable branch.

    -----Original Message-----
    From: owner-freebsd-questions@freebsd.org
    [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of James A. Coulter
    Sent: Friday, July 30, 2004 8:59 AM
    To: freebsd-questions@freebsd.org
    Subject: DHCP and the "SIMPLE" option in /etc/rc.firewall

    I am setting up a firewall for a gateway/router running FreeBSD 4.10.

    This is for a small home LAN.

    I have already compiled and installed a custom kernel with the
    IPFIREWALL and IPDIVERT options and configured the firewall to pass
    any to any without any problems - now it's time to start locking it
    down.

    I would like to use the firewall_type="SIMPLE" option in rc.conf. But
    I'm not sure how I should set up my external nic in /etc/rc.firewall,
    i.e.:

    # set these to your outside interface network and netmask and ip
            oif="ed0"
            onet="192.0.2.0"
            omask="255.255.255.240"
            oip="192.0.2.1"

    My outside interface is connected to a cable modem and is configured
    for DHCP.

    Without a static IP address for my outside interface, how do I set
    these options?

    TIA for your help.

    Jim C.

    -----------------------------------
    Check it out: The Black Dog Gallery
    http://polaris.umuc.edu/~jcoulter

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
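
One way to fill in oip, omask and onet when the outside interface gets its address by DHCP, shown as an added example that is not part of the messages above or of /etc/rc.firewall. The function names and the sample ifconfig text are constructed; it assumes FreeBSD's ifconfig prints the IPv4 netmask in hex.

```shell
#!/bin/sh
# Added example, not taken from /etc/rc.firewall or the thread.
# Fills oip/omask/onet from FreeBSD-style ifconfig text (hex netmask).

# Constructed sample of `ifconfig ed0` output for a DHCP-configured NIC.
SAMPLE_IFCONFIG='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.1 netmask 0xfffffff0 broadcast 192.0.2.15
        ether 00:00:5e:00:53:01'

# 0xfffffff0 -> 255.255.255.240; fails on anything but 8 hex digits.
hex_to_dotted() {
    h=${1#0x}
    case "$h" in ""|*[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#h}" -eq 8 ] || return 1
    n=$((0x$h))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Bitwise AND of address and mask, octet by octet.
network_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# set_outside_vars "<ifconfig text>": sets oip, omask, onet from the first
# IPv4 line. Returns non-zero (variables empty) when there is no usable
# lease, so the caller can refuse to load rules built from blank values.
set_outside_vars() {
    oip='' omask='' onet=''
    while read -r kw addr nm mask rest; do
        [ "$kw" = inet ] && [ "$nm" = netmask ] || continue
        case "$addr" in ""|*[!0-9.]*|*..*|0.0.0.0) continue ;; esac
        omask=$(hex_to_dotted "$mask") || { omask=''; continue; }
        oip=$addr
        break
    done <<EOF
$1
EOF
    [ -n "$oip" ] || return 1
    onet=$(network_of "$oip" "$omask") || { oip='' omask='' onet=''; return 1; }
}

# On the gateway this would be: set_outside_vars "$(ifconfig "$oif")" || exit 1
if set_outside_vars "$SAMPLE_IFCONFIG"; then
    echo "oip=$oip omask=$omask onet=$onet"
fi
```

Rules loaded this way keep the address they were built with, so the script has to be run again whenever the DHCP lease hands out a different address.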

