Date: Sun, 6 Aug 2000 13:10:56 -0700 (PDT)
From: Ken Bolingbroke
To: whitehat@home.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw woes
In-Reply-To: <398D86E7.96155C72@home.com>

Have you looked at the examples in /etc/rc.firewall?  There are several
variations there:

  open     - will allow anyone in
  client   - will try to protect just this machine
  simple   - will try to protect a whole network
  closed   - totally disables IP services except via lo0 interface
  UNKNOWN  - disables the loading of firewall rules.
  filename - will load the rules in the given filename (full path required)

Sounds like you want option "client".  Set the following variables in
/etc/rc.conf:

firewall_enable="YES"
firewall_type="client"

Then reboot or do 'sh /etc/rc.firewall' at the console (not over a network
connection!!), and things should be happy.

Ken

On Sun, 6 Aug 2000 whitehat@home.com wrote:

> Hi..let me start by saying I have "RTFM" and looked for examples, but
> none of them helped much.  So any help you can provide will be much
> appreciated.  Here goes...
>
> This is my first experience with ipfw, and I have struggled with rules
> ever since day one.  X will not start, IRC will not work, etc.  My ideal
> setup is this:  Deny by default, Allow X server connections by
> localhost, allow all internet traffic from ed0 to my ISP (I use a cable
> modem), allow IRC traffic, allow HTTP, and block everything else.  If
> someone could direct me towards an example ruleset that would do that, I
> would be EXTREMELY grateful.  Again, sorry for my newbie stupidity, I
> apologize if it wasted your time.
>
> -Jon,
>
> Ex-linux user, New FreeBSD-devotee
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
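
A ruleset for the policy described in the quoted question, written in the style of /etc/rc.firewall. It is an added example, not part of either message and not FreeBSD's own rc.firewall. Assumptions: the outside interface is ed0 (from the question), the installed ipfw supports stateful rules (check-state / keep-state), and the ICMP and ident rules are extras the thread does not ask for.

```shell
#!/bin/sh
# Added example: deny-by-default workstation ruleset (not from the thread).
# Dry run by default: prints the ipfw commands instead of running them.
# To load for real, run at the console with: fwcmd="/sbin/ipfw -q"
fwcmd=${fwcmd:-"echo ipfw"}
oif=${oif:-ed0}        # outside interface named in the question

load_rules() {
    $fwcmd -f flush

    # Loopback: local X clients reach the X server over lo0 (or a Unix
    # socket); nothing arriving on another interface may use 127/8.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8
    $fwcmd add 300 deny ip from 127.0.0.0/8 to any

    # Replies to connections this host opened match dynamic state here.
    $fwcmd add 400 check-state

    # Outbound: whatever this host originates (HTTP, IRC, DNS, ...) is
    # allowed and creates the state that lets the replies back in.
    $fwcmd add 500 allow tcp from any to any out via "$oif" setup keep-state
    $fwcmd add 510 allow udp from any to any out via "$oif" keep-state
    $fwcmd add 520 allow icmp from any to any out via "$oif" keep-state

    # Assumption: let in ICMP unreachable (3) and time-exceeded (11) so
    # path MTU discovery and traceroute keep working.
    $fwcmd add 600 allow icmp from any to any in via "$oif" icmptypes 3,11

    # Assumption: IRC servers often probe ident (TCP 113); answer with a
    # RST so the login does not wait on a silently dropped probe.
    $fwcmd add 610 reset tcp from any to any 113 in via "$oif"

    # Everything else, including X11 from outside, is dropped. "log"
    # only produces output when ipfw logging is enabled in the kernel.
    $fwcmd add 65000 deny log ip from any to any
}

load_rules
```

The order matters: check-state sits before the keep-state rules so return traffic is matched against existing state first, and no rule accepts an inbound TCP setup packet.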