From owner-freebsd-stable  Sun Apr 22  2: 7:50 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.noos.fr (aragon.noos.net [212.198.2.75])
	by hub.freebsd.org (Postfix) with ESMTP id C2F0337B422
	for <freebsd-stable@FreeBSD.ORG>; Sun, 22 Apr 2001 02:07:46 -0700 (PDT)
	(envelope-from clefevre@poboxes.com)
Received: (qmail 3317509 invoked by uid 0); 22 Apr 2001 09:07:45 -0000
Received: from d165.dhcp212-198-231.noos.fr (HELO gits.dyndns.org) ([212.198.231.165]) (envelope-sender <clefevre@poboxes.com>)
          by aragon.noos.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for <freebsd-stable@FreeBSD.ORG>; 22 Apr 2001 09:07:45 -0000
Received: (from root@localhost)
	by gits.dyndns.org (8.11.3/8.11.3) id f3M97ho58738;
	Sun, 22 Apr 2001 11:07:44 +0200 (CEST)
	(envelope-from clefevre@poboxes.com)
To: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: default ipfilter rules
References: <005701c0c61e$728aa020$0200000a@satan>
	<n19dmsny.fsf@gits.dyndns.org> <20010419200217.U20830@speedy.gsinet>
X-Face: V|+c;4!|B?E%BE^{E6);aI.[<<r#uCVjK"~Ke!@0vxS/.,wki/c|uVnNV!BA-_gY2sfoGc3
        f{#/$PT>97Zd*>^#%Y5Cxv;%Y[PT-LW3;A:fRrJ8+^k"e7@+30g0YD0*^^3jgyShN7o?a]C
        la*Zv'5NA,=963bM%J^o]C
Reply-To: Cyrille Lefevre <clefevre@poboxes.com>
In-Reply-To: <20010419200217.U20830@speedy.gsinet>
Mail-Copies-To: never
From: Cyrille Lefevre <clefevre-lists@noos.fr>
Date: 22 Apr 2001 11:07:42 +0200
Message-ID: <g0f1b8v5.fsf@gits.dyndns.org>
Lines: 48
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Gerhard Sittig <Gerhard.Sittig@gmx.net> writes:

> On Thu, Apr 19, 2001 at 06:15 +0200, Cyrille Lefevre wrote:
> > "Daryl Chance" <dchance@midsouth.rr.com> writes:
> > 
> > > In light of the recent ipfilter problems, i was looking around
> > > in /etc and noticed that theres no default ipf.rules or
> > > ipfilter.rules.  Is there a reason for this?  ipfw has rc.firewall
> > [snip]
> > 
> > maybe the following files be installed in /usr/share/examples/ipf ?
> > 
> > /usr/src/contrib/ipfilter/rules
> 
> That's exactly what is referenced next to where the rules file is
> specified (see the below search commands).  What comes to mind is
> the fact that not everybody has sources available while
> /usr/share/examples is more probable to be installed (but yet
> cannot be taken as a given).  So the current situation might not
> really be satisfactory for most binary only installations.

for instance, I've done this :

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=26763

[snip]
> opened).  Preinstalled configuration can never be more than a
> template since everybody has different requirements.  Although I
> guess rc.firewall "translation" into ipf(5) syntax will be
> appreciated and accepted if provided and not only requested. :>

about that, I've just discovered this tool which may do the job.

http://coombs.anu.edu.au/~avalon/flc.html

The Filter Language Compiler (flc) generates rules for the various
packages which perform packet filtering from a common language.

[snip]

> Your .sig suits really fine into the thread. :)

well, this sentence is very popular, but can't remember who wrote it ?

Cyrille.
--
home: mailto:clefevre@poboxes.com   UNIX is user-friendly; it's just particular
work: mailto:Cyrille.Lefevre@edf.fr   about who it chooses to be friends with.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message