Date: Sun, 19 Aug 2001 19:43:54 +0100 From: Dominic Marks <dominic_marks@btinternet.com> To: Martin Schweizer <info@pc-service.ch> Cc: freebsd-stable@freebsd.org Subject: Re: IPFirewall Message-ID: <20010819184355.2724460E@host213-123-129-118.in-addr.btopenworld.com> In-Reply-To: <20010819201824.A330@pc-service.ch> References: <20010819201824.A330@pc-service.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Sunday 19 August 2001 7:18 pm, you wrote: > Hello > > I want use IPFirewall on my freebsd4.3-box. I read the handbook (chapter > 9.7.3 and following) and I also set the kernel options and re-compile the > kernel. My questions: > - rc.conf: Do I need an entry for starting? If yes, which? Yes. See man rc.conf and /etc/defaults/rc.conf for listings on what options are avaliable. (NOTE: Do not edit /etc/defaults/rc.conf). > - After this steps I can't connect over my ppp dailup th the Internet. > After I set "ipfw add allow all from any to any" it works. Why that?. Your firewall is set to deny by default. > - If I reboot all my rules are blow away. How can I make them resistent? Make your own firewall configuration file, eg: /etc/my.firewall and then set your rules in that (it should be a shell script) examine /etc/rc.firewall for inspiration or use one of the standard settings predefined for you in /etc/rc.firewall. > - If I want allow all from my freebsd-box to outside and all deny from > outside to my freebsd-box, which rule is correct (" ipfw add allow all from > localhost to any" won't work? Why? localhost is not what you think it is. Literally localhost means the IP address 127.0.0.1. In this role it is not literally your computer but your computers loopback interface, which can only send and receive to and from itself. You should use the 'me' keyword (see man 8 ipfw) to represent your machine. eg: ipfw add allow from me to any > > Thank you in advance. HTH -- Dominic To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010819184355.2724460E>