Date: Sun, 6 Aug 2000 13:10:56 -0700 (PDT)
From: Ken Bolingbroke <hacker@bolingbroke.com>
To: whitehat@home.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw woes
Message-ID: <Pine.BSF.4.21.0008061307190.489-100000@fremont.bolingbroke.com>
In-Reply-To: <398D86E7.96155C72@home.com>

Have you looked at the examples in /etc/rc.firewall? There are several
variations there:

  open     - will allow anyone in
  client   - will try to protect just this machine
  simple   - will try to protect a whole network
  closed   - totally disables IP services except via lo0 interface
  UNKNOWN  - disables the loading of firewall rules.
  filename - will load the rules in the given filename (full path required)

Sounds like you want option "client". Set the following variables in
/etc/rc.conf:

  firewall_enable="YES"
  firewall_type="client"

Then reboot or do 'sh /etc/rc.firewall' at the console (not over a
network connection!!), and things should be happy.

Ken

On Sun, 6 Aug 2000 whitehat@home.com wrote:

> Hi..let me start by saying I have "RTFM" and looked for examples, but
> none of them helped much. So any help you can provide will be much
> appreciated. Here goes...
>
> This is my first experience with ipfw, and I have struggled with rules
> ever since day one. X will not start, IRC will not work, etc. My ideal
> setup is this: Deny by default, Allow X server connections by
> localhost, allow all internet traffic from ed0 to my ISP (I use a cable
> modem), allow IRC traffic, allow HTTP, and block everything else. If
> someone could direct me towards an example ruleset that would do that, I
> would be EXTREMELY grateful. Again, sorry for my newbie stupidity, I
> apologize if it wasted your time.
>
> -Jon,
>
> Ex-linux user, New FreeBSD-devotee
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
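A rules file for the "filename" option listed in the message above, written to match the setup described in the quoted question (deny by default, loopback open for local X clients, outbound traffic via ed0). This is an added example, not part of the original message or of /etc/rc.firewall; the path /etc/ipfw.rules and the DNS, DHCP, ident and ICMP rules are assumptions about a typical cable-modem host.

```conf
# /etc/ipfw.rules  (hypothetical path; select it in /etc/rc.conf with
#   firewall_enable="YES" and firewall_type="/etc/ipfw.rules")
# Each line is an ipfw command without the leading "ipfw".
# ed0 is the outside interface named in the question.

# Loopback: local X clients talk to the X server over lo0.
add 100 allow ip from any to any via lo0
# Anything claiming a 127/8 address on a real interface is spoofed.
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Stateful filtering: accept packets that belong to a flow
# recorded earlier by a keep-state rule.
add 400 check-state

# Outbound TCP opened by this host (covers HTTP and IRC);
# replies are matched by rule 400.
add 500 allow tcp from me to any out via ed0 setup keep-state

# Assumption: name lookups go out over UDP port 53.
add 600 allow udp from me to any 53 out via ed0 keep-state

# Assumption: the cable modem link is configured by DHCP.
add 610 allow udp from any 68 to any 67 out via ed0
add 620 allow udp from any 67 to any 68 in via ed0

# Assumption: the IRC server probes ident (113/tcp). Answer with a
# TCP RST so the server does not wait for a timeout; no ident
# service is exposed.
add 700 reset tcp from any to me 113 in via ed0

# ICMP: echo reply, destination unreachable (needed for path MTU
# discovery) and time exceeded inbound; echo request outbound.
add 800 allow icmp from any to me in via ed0 icmptypes 0,3,11
add 810 allow icmp from me to any out via ed0 icmptypes 8

# Explicit default deny, independent of the kernel's built-in
# final rule.
add 65000 deny ip from any to any
```

After loading, `ipfw -a list` shows per-rule packet counters, which makes it easy to see which rule is dropping X or IRC traffic.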