Re: Do I need to recompile my standard kernel to enable ipfw?
- From: Matthew Seaman <m.seaman@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Aug 2007 09:12:52 +0100
Aminuddin wrote:
> Do I need to do the above if I'm not using the NAT function?
> I'm using 6.2 release.

No. IPFW is available via a loadable kernel module. Just add
firewall_enable="YES" to /etc/rc.conf, choose your firewall type
from /etc/rc.firewall and add firewall_type="FOO" also to
/etc/rc.conf plus write yourself a custom ruleset if you need
something other than one of the prepackaged ones. Then reboot and test.

However, beware that the default setting without any firewall rules
installed is 'block everything via the network', so make sure you've
got console access when setting this up.

Also, I'd definitely recommend using PF rather than IPFW. Mostly
that's personal preference, but I've used both IPFW and PF quite
extensively, and IMHO PF blows IPFW out of the water.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
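
Added example (not part of the original message): a pre-reboot check of the two rc.conf settings named in the reply, flagging the lockout case it warns about. The function names are hypothetical, and the list of firewall_type names is an assumption based on FreeBSD's stock /etc/rc.firewall.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: firewall_type is one of
# the names handled by FreeBSD's stock /etc/rc.firewall (open, client, simple,
# closed, UNKNOWN) or the path of a custom ruleset file.

# rc_value FILE NAME: print the last value assigned to NAME in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# check_ipfw_rc FILE: print a verdict; return 1 if the host would boot deny-all.
check_ipfw_rc() {
    fw_enable=$(rc_value "$1" firewall_enable)
    fw_type=$(rc_value "$1" firewall_type)
    case "$fw_enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "disabled: firewall_enable is not YES"; return 0 ;;
    esac
    case "$(printf '%s' "$fw_type" | tr 'A-Z' 'a-z')" in
        ""|unknown|closed)
            echo "lockout-risk: no rule admits traffic from the network"; return 1 ;;
        open|client|simple)
            echo "ok: prepackaged ruleset '$fw_type'" ;;
        *)  # anything else is treated as the path of a ruleset file
            if [ -r "$fw_type" ]; then
                echo "custom: ruleset file $fw_type"
            else
                echo "lockout-risk: ruleset file $fw_type is not readable"; return 1
            fi ;;
    esac
}

# Constructed sample: firewall enabled, firewall_type forgotten.
sample=$(mktemp)
printf 'firewall_enable="YES"\n' > "$sample"
check_ipfw_rc "$sample" || echo "fix rc.conf before rebooting, or keep console access"
rm -f "$sample"
```

On a real host the argument would be /etc/rc.conf; a non-zero return means the machine would come up with only the default deny rule in effect.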