Date: Thu, 5 Aug 2004 11:53:48 +0100
From: Philip Payne <philip.payne@uk.mci.com>
To: Jonathan <poisondart@optonline.net>
Cc: "FreeBSD Questions \(E-mail\)" <freebsd-questions@freebsd.org>
Subject: RE: IPFW Configuration
Message-ID: <A0A204EE2E51BC41BCDE3C1DD86D35ED0254358A@gblon1exch06.uk.mcilink.com>
Hi Jonathan,

> will be able to work. My box is located at a datacenter and my box is
> allocated with about 90 IP addresses (and also the main server IP which
> was given to me when I first purchased the line). I would like to know
> how to configure /etc/rc.firewall to support my MAIN IP and also how to
> make sure the other IPs added to my box are recognized and protected by
> the firewall.
>
> Also I noticed in rc.firewall there are different modes to put the
> firewall in like simple mode, client mode, etc. (different firewall
> powers I guess). It would be greatly appreciated if someone can show me
> how to configure ipfw. I could not thank anyone more for the future help
> I might receive on this issue.

Simple & client mode are just different rulesets within rc.firewall. You can of course specify your very own ruleset and point rc.conf at a different file than rc.firewall.

Two things which may help.

1) There is a keyword "me" that you can use in IPFW rules that prevents you needing to specify the server's actual IPs.

2) fwbuilder.org is a very handy tool for generating firewall config. If the "me" keyword is too generic, you may find it easier to have a GUI that can hold different objects for each IP address, rather than write repetitive firewall script lines. Also, if you're new to firewall policy, sometimes a GUI can help.

If you want advice on generating a firewall policy, well... there are some high-level design rules you can follow that help. I've posted on this topic a number of times to the list, so just search the archives.

Lastly, and not meant in any rude way, if you haven't

> man ipfw

... I personally found it very useful.

Hope that helps

Phil.
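An added example, not part of the original message: a custom ruleset script of the kind the reply describes, using the "me" keyword so that one set of rules covers the main IP and every alias on the box. The port list, the rule numbers and the IPFW_APPLY dry-run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Ports, rule numbers and
# the IPFW_APPLY switch are assumptions chosen for illustration.
# Dry run by default: prints the ipfw commands instead of running them.
fwcmd="echo ipfw"
if [ "${IPFW_APPLY:-0}" = "1" ]; then fwcmd="/sbin/ipfw -q"; fi

# TCP services offered on every address of the host (assumed list).
PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-22 80 443}"

load_rules() {
    ports="$1"
    # Validate first so a bad entry never leaves a half-loaded ruleset.
    for p in $ports; do
        case "$p" in
            *[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range: $p" >&2; return 1; }
    done

    $fwcmd -f flush
    # Loopback traffic is trusted; 127/8 must never appear on the wire.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 110 deny ip from any to 127.0.0.0/8
    $fwcmd add 120 deny ip from 127.0.0.0/8 to any
    # Stateful rules: connections the host opens from any of its addresses.
    $fwcmd add 200 check-state
    $fwcmd add 210 allow tcp from me to any setup keep-state
    $fwcmd add 220 allow udp from me to any keep-state
    # Unreachable, echo request and time-exceeded, so path MTU discovery works.
    $fwcmd add 230 allow icmp from any to me icmptypes 3,8,11
    # "me" matches every address configured on the box, so the main IP
    # and all aliases are covered without listing them.
    n=300
    for p in $ports; do
        $fwcmd add "$n" allow tcp from any to me "$p" in setup keep-state
        n=$((n + 10))
    done
    # Everything else, to any address, is dropped.
    $fwcmd add 65000 deny ip from any to any
}

load_rules "$PUBLIC_TCP_PORTS"
```

Run it as-is to review the generated commands; run it as root with IPFW_APPLY=1 to load them.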