Date: Wed, 26 Nov 2003 10:40:48 -0800 From: "Mike Maltese" <mike@pcmedx.com> To: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org> Cc: Dan Nelson <dnelson@allantgroup.com> Subject: Re: IPFILTER rules with shell symbloic substitution Message-ID: <008001c3b44c$cfaf6b40$f4f0a8c0@pcmedx.com> References: <MIEPLLIBMLEEABPDBIEGCEIJEOAA.fbsd_user@a1poweruser.com> <20031126181353.GC48692@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> /etc/rc.firewall has lots of examples using ipfw; the concepts should > work just as well with ipf. I'm not sure that's true. /etc/rc.firewall is a shell script, an IP Filter ruleset isn't. From the documentation and my own use of it, IP Filter doesn't support variable substitution. If you're running 5.x, you can run the pf port, which does support variables and some other neat expansion capabilities that can really condense and simplify your ruleset.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008001c3b44c$cfaf6b40$f4f0a8c0>