Date: Thu, 29 Mar 2001 17:18:36 +0200
From: "Florian Bartels"
To: freebsd-questions@FreeBSD.ORG
Subject: Re: rc.firewall vs. ipfw
Message-ID: <20010329171835.B415@mercury.localnet>
References: <01Mar29.110404est.115354@gateway.intersys.com>
In-Reply-To: <01Mar29.110404est.115354@gateway.intersys.com>; from bojar@intersys.com on Thu, Mar 29, 2001 at 11:02:28AM -0500
X-Operating-System: FreeBSD/4.3-BETA (i386)

E. Jordan Bojar (bojar@intersys.com) wrote:
> OK, last stupid question of the week, I hope. I'm setting up a single box
> on a hosting rack I don't own, and I want to lock it down best I can. I
> just want to let SSH, HTTP, and SMTP in for now.
>
> I understand how to do it with ipfw, but I assume those settings are lost in
> the case of accidental reboot, right? If so, is the syntax for editing
> rc.firewall any different than ipfw?
>
> The "client" vs "simple" distinction also confuses me a tad, as I'm neither
> protecting a network behind me nor do I have a network I trust in front, so
> neither of these prebuilts really work for me. Can I just have rc.firewall
> reference another file with ipfw rules, or replace it altogether with this?

You can set the firewall script in /etc/rc.conf, e.g.:

    firewall_enable="YES"                   # Set to YES to enable firewall functionality
    firewall_script="/etc/firewall/fwall"   # Which script to run to set up the firewall

In this shell script (by you) you can set your own firewall/ipfw rules.

--
Florian Bartels
Not quite human any longer.
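
One way the script named by firewall_script could look for the single host in the question, admitting only SSH, SMTP and HTTP. This is an added example, not part of either poster's message; the address 192.0.2.10 is a placeholder, and the rule numbers and the load_rules helper are assumptions.

```shell
#!/bin/sh
# Example /etc/firewall/fwall (added illustration, not from the thread).
# Assumption: 192.0.2.10 is a placeholder for the server's public address.
oip="192.0.2.10"

# load_rules CMD: issue the ruleset through CMD.
#   load_rules "/sbin/ipfw -q"   applies the rules
#   load_rules echo              prints them for review without touching ipfw
load_rules() {
    fwcmd="$1"
    ${fwcmd} -f flush

    # Loopback traffic is allowed; loopback addresses on any other path are not.
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny all from 127.0.0.0/8 to any

    # Packets of TCP connections that were already admitted by a setup rule.
    ${fwcmd} add 400 pass tcp from any to any established

    # Inbound: only new connections to SSH (22), SMTP (25) and HTTP (80).
    # On a remote rack, check the SSH port here before applying, or the
    # flush above leaves the box reachable only from the console.
    ${fwcmd} add 500 pass tcp from any to ${oip} 22,25,80 setup

    # Outbound: the host may open TCP connections and make DNS queries.
    ${fwcmd} add 600 pass tcp from ${oip} to any setup
    ${fwcmd} add 700 pass udp from ${oip} to any 53 keep-state

    # Everything else is dropped; "log" records it when kernel firewall
    # logging (IPFIREWALL_VERBOSE) is enabled.
    ${fwcmd} add 65000 deny log all from any to any
}

# Apply only where ipfw is present, so the file can be previewed elsewhere.
if [ -x /sbin/ipfw ]; then
    load_rules "/sbin/ipfw -q"
fi
```

Because the rules live in a file that rc.conf points to, they are reloaded at every boot, which addresses the reboot concern in the question.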