From: "Asenchi"
To: "Gary D Kline", "FreeBSD Mailing List"
Subject: RE: translation to ipfw?
Date: Sun, 15 Dec 2002 22:59:30 -0500
In-Reply-To: <20021215185246.GA18501@tao.thought.org>

Hello Gary,

If you were to read this paper (http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO 33pgs.) it would describe ipfw. It will also do some comparisons w/ ipf vs. ipfw.

I guess I didn't really translate, but I figure you should understand the syntax and the idea behind the translation.

Thx,
Curt Micol

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Gary D Kline
Sent: Sunday, December 15, 2002 1:53 PM
To: FreeBSD Mailing List
Subject: translation to ipfw?

Hi Folks,

Can anybody translate the following ipf rules to ipfw for me?
Given a few examples as a template, I should be able to handle the rest myself. According to some -security postings from 2000, the thought was that ipf was superior.... is this still the case?

thanks in advance,

gary

pass out quick on dc0 proto tcp from any to any keep state
pass out quick on dc0 proto udp from any to any keep state
pass out quick on dc0 proto icmp from any to any keep state
block out quick on dc0 all

# use next line if ISP uses DHCP
# pass in quick on dc0 proto udp from X.X.X.X/32 to any port = 68 keep state

# Let in SSH on port 22
pass in quick on dc0 proto tcp from any to 216.231.43.140/32 port = 22 keep state
pass in quick on dc0 proto udp from any to 216.231.43.140/32 port = 22 keep state

. . .

# Let in FTP data connections
pass in quick on dc0 proto tcp from any to any port 7499 >< 8501
pass in quick on dc0 proto tcp from any to any port = 21

# Let pings return
pass in quick on dc0 proto icmp from any to 216.231.43.140/32 icmp-type echo

--
Gary Kline
kline@thought.org
www.thought.org
Public service Unix

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
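
An added example, not part of either message: the ipf rules shown in the quoted post translated one for one into ipfw syntax, as a shell script that prints the rules or, with `apply`, loads them. The rule numbers are constructed, and the rules elided by ". . ." are not translated.

```shell
#!/bin/sh
# Added example: the ipf rules quoted in the message, rewritten rule for rule
# as ipfw. Rule numbers are constructed; dc0 and the address are the poster's.
IF="dc0"
IP="216.231.43.140"

ipfw_rules() {
    # ipf consults its state table before the rule list; ipfw only does so
    # where check-state (or the first keep-state rule) appears.
    echo "add 100 check-state"

    # pass out quick on dc0 proto {tcp,udp,icmp} from any to any keep state
    echo "add 200 allow tcp from any to any out via $IF keep-state"
    echo "add 210 allow udp from any to any out via $IF keep-state"
    echo "add 220 allow icmp from any to any out via $IF keep-state"
    # block out quick on dc0 all
    echo "add 230 deny ip from any to any out via $IF"

    # DHCP line stays commented out; X.X.X.X is the poster's placeholder:
    # add 300 allow udp from X.X.X.X to any 68 in via dc0 keep-state

    # pass in quick ... to 216.231.43.140/32 port = 22 keep state (tcp and udp)
    echo "add 310 allow tcp from any to $IP 22 in via $IF keep-state"
    echo "add 320 allow udp from any to $IP 22 in via $IF keep-state"

    # ipf's "port 7499 >< 8501" excludes both endpoints, so the inclusive
    # ipfw range is 7500-8500. No keep state on these two, as in the original.
    echo "add 400 allow tcp from any to any 7500-8500 in via $IF"
    echo "add 410 allow tcp from any to any 21 in via $IF"

    # icmp-type echo is ICMP type 8
    echo "add 500 allow icmp from any to $IP in via $IF icmptypes 8"
}

# "apply" loads the rules one by one (root, FreeBSD); anything else prints them.
# ipfw has no "quick" keyword because the first matching rule always wins.
if [ "${1:-}" = "apply" ]; then
    ipfw_rules | while read -r rule; do
        ipfw -q $rule    # unquoted on purpose: each word is one ipfw argument
    done
else
    ipfw_rules
fi
```

These rules only cover dc0. ipfw's default rule 65535 denies everything else unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, so other interfaces such as lo0 need rules of their own.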