Date: Sat, 31 Jan 2004 18:53:00 +0100
From: Peder Blom
To: Chuck Swiger
cc: ecrist@adtechintegrated.com
cc: freebsd-questions@freebsd.org
Subject: Re: where am I supposed to put my rc.firewall?

On Sat, 31 Jan 2004 10:50:19 -0500
Chuck Swiger wrote:

> Peder Blom wrote:
> [ ... ]
> > Add this to your rc.conf: (instead of firewall_type=...):
> > firewall_script="/etc/grog.firewall"
> >
> > See /etc/defaults/rc.conf !
>
> While I won't speak against looking at /etc/defaults/rc.conf, setting
> firewall_type works fine; see the end of /etc/rc.firewall:
>
> *)
>         if [ -r "${firewall_type}" ]; then
>                 ${fwcmd} ${firewall_flags} ${firewall_type}
>         fi
>         ;;
>
> --
> -Chuck

Yes, that's the other way of doing it. The mentioning of scripts and the fact that his file was in the form of a script made me assume that he wanted to write his own script for setting up his firewall.

On second thought I realize that he might just as well want to do it your way and define a set of rules to be read in by rc.firewall. (This might even be the best solution).

I've never done it this way, but in this case I assume that you just define the rules in '/etc/ERICS_firewall', thus:

--------------
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
--------------

Using your suggestions for rc.conf, of course. Is this correct?
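
Added example, not part of the original message or of FreeBSD's rc scripts: the `*)` branch quoted above hands the `firewall_type` file to ipfw, which reads it line by line as ipfw arguments, so a file written as a shell script belongs in `firewall_script` instead. The checker below tells the two apart; the function name `classify_fw_file`, the subcommand list and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: is FILE a plain ipfw ruleset (firewall_type) or a shell script (firewall_script)?
# Assumptions: '#' starts a comment in a ruleset file; the subcommand list is a subset of ipfw's.
classify_fw_file() {
    file=$1
    [ -r "$file" ] || { echo unreadable; return 1; }
    verdict=ruleset
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}               # drop comment text
        set -f; set -- $line; set +f   # split into words without globbing
        [ $# -eq 0 ] && continue       # blank or comment-only line
        while [ $# -gt 0 ]; do case $1 in -*) shift ;; *) break ;; esac; done  # skip flags like -q
        case ${1:-} in
            add|delete|flush|zero|resetlog|pipe|queue|set|enable|disable) ;;
            *) verdict=script; break ;;   # "ipfw ...", "${fwcmd} ...", assignments, etc.
        esac
    done < "$file"
    echo "$verdict"
}

# Constructed sample inputs, written to a scratch directory.
tmp=$(mktemp -d)
cat > "$tmp/rules" <<'EOF'
# rules-only file: one ipfw command per line, no "ipfw" prefix
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
EOF
cat > "$tmp/script" <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
${fwcmd} -f flush
${fwcmd} add 100 pass all from any to any via lo0
EOF
for f in "$tmp/rules" "$tmp/script"; do
    case $(classify_fw_file "$f") in
        ruleset) echo "$f: set firewall_type=\"$f\"" ;;
        script)  echo "$f: set firewall_script=\"$f\"" ;;
    esac
done
rm -rf "$tmp"
```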