Date: Fri, 29 Dec 2017 17:21:34 +0800
From: 方坤 <quinefang@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw rules for modern FreeBSD?
Message-ID: <CADf1OUcriyXuG1t-iSY291X%2BpHFPC_1ee69WmxTKTWCLQv0XxQ@mail.gmail.com>

Dear ipfw maintainer,

I read the following from https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end .

> The rule body has the following format:
>
>     [*proto* *from* *src* *to* *dst*] [*options*]
>
> The first part (proto from src to dst) is for backward compatibility with
> earlier versions of FreeBSD. In modern FreeBSD any match pattern
> (including MAC headers, IP protocols, addresses and ports) can be
> specified in the *options* section.

And my firewall_script is as follows:

#!/bin/sh
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
${fwcmd} add allow proto tcp src-ip me setup keep-state :default
${fwcmd} add allow proto udp src-ip me keep-state :default

And I found these rules are not protecting my FreeBSD box.

Question: How can I write ipfw rules for modern FreeBSD only?