Date: Thu, 16 Dec 2004 13:44:18 -0500
From: Chuck Swiger <cswiger@mac.com>
To: "traef06@ebasedsecurity.com" <traef06@ebasedsecurity.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw2 and preproc
Message-ID: <41C1D782.3030703@mac.com>
In-Reply-To: <20041216154043.5572E161A1@mail03.powweb.com>
References: <20041216154043.5572E161A1@mail03.powweb.com>

traef06@ebasedsecurity.com wrote:
> I have read the man page for ipfw and searched the web looking for examples
> of using ipfw2 and the preprocessor option.
>
> Does anybody have any examples?

Try something like the following in /etc/rc.conf:

#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'

...and create /etc/MY_firewall containing:

####
# set these to your inside interface network and netmask and ip
#define IIF sis0
#define INET 192.168.1.0/24
#define IIP 192.168.1.2

# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535

# dynamic rules
add check-state
add allow tcp from any HIPORTS to INET 22,80,143,443,3128 setup keep-state
add allow ip from INET to any keep-state

add 65000 deny log ip from any to any

-- 
-Chuck
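
An added example, not part of the message above: a Python sketch that previews the rules ipfw would receive once the `#define` names are substituted, and flags upper-case names that no `#define` covered (a misspelled macro would otherwise reach ipfw as a literal word). It is a simplified stand-in for cpp that handles only simple `#define NAME value` lines in a single pass; `expand` and `SAMPLE` are hypothetical names, and the sample ruleset is constructed.

```python
import re

# Constructed sample modelled on the /etc/MY_firewall layout in the message.
# HIPORT (missing the S) is a deliberate typo to show what the check catches.
SAMPLE = """\
# inside network
#define INET 192.168.1.0/24
#define HIPORTS 1024-65535
add check-state
add allow tcp from any HIPORTS to INET 22,80 setup keep-state
add allow tcp from any HIPORT to INET 443 setup keep-state
add 65000 deny log ip from any to any
"""

DEFINE = re.compile(r"^#\s*define\s+([A-Za-z_]\w*)\s+(.*\S)\s*$")
TOKEN = re.compile(r"\b[A-Za-z_]\w*\b")
# Assumption: macro names are upper-case, as in the message; ipfw keywords are not.
MACRO_LIKE = re.compile(r"\b[A-Z][A-Z0-9_]{2,}\b")


def expand(text):
    """Return (rules, leftovers): the expanded rule lines, and (lineno, name)
    pairs for upper-case tokens that survived substitution."""
    macros, rules, leftovers = {}, [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DEFINE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment: nothing for ipfw to load
        # Replace whole identifiers only, so INET never matches inside a longer word.
        out = TOKEN.sub(lambda t: macros.get(t.group(0), t.group(0)), line)
        rules.append(out)
        leftovers += [(lineno, name) for name in MACRO_LIKE.findall(out)]
    return rules, leftovers


if __name__ == "__main__":
    rules, leftovers = expand(SAMPLE)
    print("\n".join(rules))
    for lineno, name in leftovers:
        print(f"line {lineno}: '{name}' was not defined and is passed through as-is")
```
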