From: "Andras Kende"
To: "'Dott. Surricani'"
Date: Wed, 22 Dec 2004 11:39:35 -0600
Subject: RE: problem with IPFILTER

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Dott. Surricani
Sent: Wednesday, December 22, 2004 10:42 AM
To: questions@FreeBSD.org
Subject: problem with IPFILTER

Hello everybody.

I've successfully set up an Inclusive Firewall for my small LAN, as explained in Chapter 24 of the Handbook, with IPFILTER and ipnat (either with kld modules). I've included in rc.conf the lines needed and I've written custom ipf.rules and ipnat.rules...
It's super, and works great, but I've got a problem/question: each time I restart the server the rules are cleared and it lets all packets enter and exit, and I have to type in the shell

ipf -Fa -f /etc/ipf.rules

and

ipnat -CF -f /etc/ipnat.rules

It's very boring.... What can I do to automate this task?

Thanks all very much!!!!

Hello

/etc/rc.conf :

#Enable routing packets between interfaces
gateway_enable="YES"
#Bring up the ipfilter software
ipfilter_enable="YES"
#Tell ipfilter where to get its rules
ipfilter_rules="/etc/ipf.rules"
#Enable ipnat
ipnat_enable="YES"
#Tell ipnat where to get its rules
ipnat_rules="/etc/ipnat.rules"

Best regards,

Andras Kende
http://www.kende.com
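The five rc.conf settings in the reply can be checked before a reboot, so a firewall that would come up with no rules is noticed while the box is still protected. The script below is an added example, not part of the original thread: the function names rc_value and audit_ipf_boot are made up here, and it reads only the file it is given (it does not consult /etc/defaults/rc.conf).

```shell
#!/bin/sh
# Added example: audit an rc.conf-style file for the ipfilter/ipnat boot
# settings listed in the reply. Function names are hypothetical.

# rc_value FILE KEY: print the effective value of KEY. rc.conf is sourced as
# shell, so the last assignment wins; commented-out lines do not count.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_ipf_boot FILE: print one line per problem; return the problem count.
audit_ipf_boot() {
    conf=$1
    problems=0
    for key in gateway_enable ipfilter_enable ipnat_enable; do
        val=$(rc_value "$conf" "$key")
        case $val in
            # values that rc.subr's checkyesno treats as true
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
            *)  echo "$key is '${val:-unset}', expected YES"
                problems=$((problems + 1)) ;;
        esac
    done
    for key in ipfilter_rules ipnat_rules; do
        path=$(rc_value "$conf" "$key")
        if [ -z "$path" ]; then
            echo "$key is not set in $conf"
            problems=$((problems + 1))
        elif [ ! -s "$path" ]; then
            # a missing or empty rules file means nothing is filtered at boot
            echo "$key points at '$path', which is missing or empty"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run against the file named on the command line, e.g. /etc/rc.conf.
if [ $# -gt 0 ]; then
    audit_ipf_boot "$1"
fi
```

Run it as `sh script.sh /etc/rc.conf`; a zero exit status means all five settings are present and both rules files exist and are non-empty.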