Date: Mon, 10 Jan 2000 19:57:53 +0000
From: Martin <Martin.Zibert1@guest.arnes.si>
To: freebsd-newbies@FreeBSD.ORG
Subject: not ipfw but rc.firewall
Message-ID: <387A39C1.3DCB82B1@guest.arnes.si>

Greetings..

First I would like to thank all of you who helped me with ppp and ethernet cards - it really helped me :-) But problems come and go.. and one of them came to me again :-)

Here is the problem: I want to enable a firewall on my FreeBSD box (3.4-RELEASE). I recompiled my kernel and added:

    options IPFIREWALL          #firewall
    options IPFIREWALL_VERBOSE  #print information about
    options IPFILTER            #kernel ipfilter support
    options IPFILTER_LOG        #ipfilter logging

The kernel compiled fine. But when I wanted to configure the firewall I found out that there are 2 firewalls. One is ipfw and the other is in rc.firewall. If this sounds too newbie please forgive me.

When I try to configure ipfw there are some problems.. if I type "ipfw add deny tcp from evil.crackers.org to nice.people.org 23" (like in the example in the handbook) it doesn't do anything.. if I do "ipfw -at l" it doesn't show this rule. And if I reboot my box, all of the rules are flushed.

Now my question is, what must I do so that I'll use only rc.firewall. I even removed those ipfw things from the kernel, and in rc.conf edited a line "firewall_script="/etc/rc.firewall"" but it doesn't work - when I reboot it shows a help file of ipfw - weird if you ask me :-) I don't know how to tell FreeBSD where to look for the firewall rule file.

And does any1 know how to set rules if you have dynamic IPs? I don't know how to set that "external interface", "internal interface" in rc.firewall etc.

And another thing.. I have a box connected to the net through an ethernet card. So the whole network uses one gateway - so if I want to connect a box to the inet I have to set the gw where I configure the ethernet card (during installation - Additional network services -> interfaces). And when I have the gw's IPs set I just have to configure the ethernet card and the box will be connected? Or are there some other things that I have to do?

Well if any1 can help me here I'll be very happy. Thanks.. bye..

Martin

--
-----
Martin Zibert aka Peky <martin.zibert1@guest.arnes.si>
"Ping - Protocol: Connectionless ; Definition: like shouting to a friend in a crowded room!"

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message