Date:      Thu, 23 Oct 2003 10:54:07 +0100
From:      Philip Payne <philip.payne@uk.mci.com>
To:        freebsd-questions@freebsd.org
Subject:   RE: Firewall rules
Message-ID:  <36D04A8168B2D41182250008C7E6F87805671C14@ukcamexch2.cbg.uk.corp.eu.uu.net>

Hi,

I've found fwbuilder (/usr/ports/fwbuilder) to be very useful. Nice GUI for
writing your firewall policy. Some simple "Druids" :-/ for generating
generic rulesets. Formerly, I've always configured the firewall from command
line but this certainly helps in managing your policy.

I admit, I'm an IPFW person myself but fwbuilder theoretically supports
ipfilter on FreeBSD as well (I haven't used it).

One quirk, when using fwbuilder with IPFW, the divert to natd isn't
supported so I'm installing the rules with a little script that inserts the
natd rule appropriately.

---
#!/bin/sh
<ruleset name>.fw    # Installs the rules generated by fwbuilder
ipfw delete 1       # delete the check-state rule at 00001
ipfw add 1 divert natd ip from any to any via <external interface> # add new divert rule at 1
ipfw add 2 check-state    # re-add the check-state rule at 2
---

Phil.


> -----Original Message-----
> From: Petre Bandac [mailto:petre@kgb.ro]
> Sent: 23 October 2003 09:13
> To: fbsd_user@a1poweruser.com; Mihail; freebsd-questions@freebsd.org
> Subject: Re: Firewall rules
>
>
> www.kgb.ro/Ipfw-HOWTO
>
> HTH,
>
> petre
>
> On Wednesday 22 October 2003 18:05 Anno Domini, fbsd_user wrote using one of his keyboards:
> > The FBSD handbook gives the idea that IPFW is the only firewall.
> > FBSD also comes with ipfilter which is much easier to use and
> > setup. Google the questions archives for loads of info about
> > configuring ipfilter. You will be glad you did.
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mihail
> > Sent: Wednesday, October 22, 2003 9:29 AM
> > To: freebsd-questions@freebsd.org
> > Subject: Firewall rules
> >
> > Hello,
> >
> > I'm trying to set up a firewall with ipfw by using the client
> > firewall type given in rc.firewall as an example. My problem
> > is that the client rules don't allow me to do common
> > web-browsing. What should I add to the script to
> > resolve this without seriously compromising security?
> >
> > cheers,
> > Mihail
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
>
> --
> Login: petre          			Name: Petre Bandac
> Directory: /home/petre              	Shell: /usr/local/bin/zsh
> On since Sat Oct 18 00:13 (EEST) on ttyv0, idle 5 days 1:47 (messages off)
> On since Thu Oct 16 16:27 (EEST) on ttyv1, idle 5 days 10:35 (messages off)
> Last login Mon Oct 20 21:52 (EEST) on ttyp6 from lubyanka.kgb.ro
> No Mail.
> No Plan.
>
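
A check for the rule order the wrapper script in this message sets up (divert natd at 1, check-state at 2), as an added example that is not part of the original message: it reads `ipfw list` output and confirms the first divert rule is evaluated before the first check-state rule. The function names, the sample listings, the interface name fxp0 and the divert port shown are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads an `ipfw list`-style listing on stdin (rules in evaluation order)
# and returns 0 only if the first divert rule comes before the first
# check-state rule. On a firewall host: ipfw list | check_divert_order
check_divert_order() {
    awk '
        $2 == "divert"      && !d_line { d_line = NR; d_num = $1 + 0 }
        $2 == "check-state" && !s_line { s_line = NR; s_num = $1 + 0 }
        END {
            if (!d_line) { print "FAIL: no divert rule"; exit 1 }
            if (!s_line) { print "FAIL: no check-state rule"; exit 1 }
            if (d_line > s_line) {
                printf "FAIL: check-state (%d) precedes divert (%d)\n", s_num, d_num
                exit 1
            }
            printf "OK: divert at %d, check-state at %d\n", d_num, s_num
        }'
}

# Constructed listing: state after the wrapper script has run.
sample_after_script() {
    cat <<'EOF'
00001 divert 8668 ip from any to any via fxp0
00002 check-state
00100 allow ip from any to any via lo0
65535 deny ip from any to any
EOF
}

# Constructed listing: fwbuilder output alone, check-state still at 1
# and no divert rule present.
sample_before_script() {
    cat <<'EOF'
00001 check-state
00100 allow ip from any to any via lo0
65535 deny ip from any to any
EOF
}
```

Comparing by line position rather than rule number keeps the check correct when two rules share a number, since the listing is in evaluation order.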


