Date:      Mon, 16 Oct 2000 15:49:32 -0700 (PDT)
From:      Mikko Tyolajarvi <mikko@dynas.se>
To:        peter@sysadmin-inc.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw startup
Message-ID:  <200010162249.e9GMnWK07783@explorer.rsa.com>
References:  <001601c037b6$189ea6c0$47010a0a@fire.sysadmininc.com>

(Cc: brutally changed to -questions)

In local.freebsd-security you write:

>I'm having difficulty getting ipfw to look at my ruleset on a 4.1-release
>box.

>I've compiled in the options needed to the kernel but when the box starts up
>I get

>IP packet filtering initialized...rule-based forwarding disabled, default to
>deny...

>And of course everything is denied except the loopback device.

>I've been unable to find any basic get-you-started type info.  I'm new to
>ipfw and just want to use the default rc.firewall for now.

Put:

 firewall_enable="YES"
 firewall_type="open"	# Or maybe "simple"

in /etc/rc.conf, to let everything through, and give you a chance of
experimenting with ipfw.  When you think you have a good ruleset to
load, put it in a file (say /etc/ipfw.rules) and put

 firewall_type="/etc/ipfw.rules"

in rc.conf.  Or, if you feel like a real expert, roll your own
firewall initialization script and set firewall_script=/etc/yourscript,
replacing rc.firewall.

>I've read the entire security chapter as well as the article on dialup
>firewall configuration.

>Pointers to any helpful how-to info or advice are greatly appreciated.

ipfw(8) and /etc/rc.firewall perhaps?

	$.02,
	/Mikko

P.S.  Hmm... you mention dialup?  ppp(8) has some filtering
      capabilities as well.  They may well be sufficient, and will
      handle dynamic IP resulting from PPP negotiation.
-- 
 Mikko Työläjärvi_______________________________________mikko@rsasecurity.com
 RSA Security
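
An added example, not part of the original message and not FreeBSD code: a pre-reboot check of the rc.conf settings the reply describes, so that a kernel that defaults to deny is not booted with nothing to load. The helper name `check_ipfw_conf` and the verdict strings are hypothetical, and it reads only the file it is given (no system defaults file).

```shell
#!/bin/sh
# Added example: check the rc.conf settings from the message before a reboot.
# check_ipfw_conf is a hypothetical helper, not a FreeBSD tool. It prints one
# verdict line and returns 0 only if the settings name something loadable.
check_ipfw_conf() {
    conf=${1:-/etc/rc.conf}
    case $conf in */*) ;; *) conf=./$conf ;; esac   # keep "." off $PATH lookup
    [ -r "$conf" ] || { echo "error: cannot read $conf"; return 2; }
    (
        # rc.conf is sh variable assignments, so source it in a subshell.
        firewall_enable='' firewall_type='' firewall_script=''
        . "$conf"
        case $firewall_enable in
            [Yy][Ee][Ss]) ;;
            *) echo "fail: firewall_enable is not YES"; exit 1 ;;
        esac
        # A custom firewall_script replaces rc.firewall.
        if [ -n "$firewall_script" ]; then
            if [ -r "$firewall_script" ]; then
                echo "ok: custom script $firewall_script"; exit 0
            fi
            echo "fail: cannot read firewall_script $firewall_script"; exit 1
        fi
        case $firewall_type in
            '') echo "fail: firewall_type not set"; exit 1 ;;
            [Oo][Pp][Ee][Nn]) echo "warn: type open passes everything"; exit 0 ;;
            /*) # Absolute path: treated here as a rules file.
                if [ -r "$firewall_type" ] && [ -s "$firewall_type" ]; then
                    echo "ok: rules file $firewall_type"; exit 0
                fi
                echo "fail: rules file $firewall_type missing or empty"; exit 1 ;;
            *) echo "ok: named type $firewall_type"; exit 0 ;;
        esac
    )
}

# Constructed sample input: the first configuration suggested in the message.
demo=$(mktemp -d)
printf 'firewall_enable="YES"\nfirewall_type="open"\n' > "$demo/rc.conf"
check_ipfw_conf "$demo/rc.conf"
rm -rf "$demo"
```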

