Date: Fri, 3 Aug 2007 14:51:08 +0300
From: Giorgos Keramidas
To: "Tuc at T-B-O-H.NET"
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall rules / Proper directory
Message-ID: <20070803115108.GA2202@kobe.laptop>

On 2007-08-02 14:49, "Tuc at T-B-O-H.NET" wrote:
>Giorgos Keramidas wrote:
>>On 2007-08-02 12:36, "Tuc at T-B-O-H.NET" wrote:
>>> Hi,
>>> I'm developing firewall rules for a machine, and I'm wondering what
>>> the standard is for putting my version of an ipfw "firewall_script"?
>>
>> I usually save my rules in '/etc/pf.conf' or '/etc/ipfw.rules'.
>>
>> It's not like the '/etc' directory is a "please do not touch" area.
>
> Thanks...
>
> I always DO try to keep things out of /etc if at all possible, I
> regard that as "system space", and if I do "trespass" into it it's
> usually a file or directory previously allocated for that
> (/etc/rc.conf, /etc/mail/*).

That's ok, but it's not like the world is going to end if you add a bit
of customization to '/etc' files.  We have mergemaster(8) to make sure
these local updates and customizations are not lost when you upgrade :-)

> I've made a "/etc/rc.firewall.local".... I may rename it in the future
> to stand out more, but we'll see how it goes for now.

Neat.  Have fun with the new firewall ruleset then.