From owner-freebsd-questions  Mon Mar  3 09:32:37 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id JAA15280
          for questions-outgoing; Mon, 3 Mar 1997 09:32:37 -0800 (PST)
Received: from horst.bfd.com (horst.bfd.com [204.160.242.10])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA15275
          for <freebsd-questions@FreeBSD.org>; Mon, 3 Mar 1997 09:32:35 -0800 (PST)
Received: from harlie.bfd.com (bastion.bfd.com [204.160.242.14]) by horst.bfd.com (8.8.5/8.7.3) with SMTP id JAA00156; Mon, 3 Mar 1997 09:32:12 -0800 (PST)
Date: Mon, 3 Mar 1997 09:32:12 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Brandon Gillespie <brandon@cold.org>
cc: freebsd-questions@FreeBSD.org
Subject: Re: /etc/sysconfig for firewall?
In-Reply-To: <Pine.NEB.3.95.970303095416.15953A-100000@cold.org>
Message-ID: <Pine.BSF.3.95.970303092613.5225A-100000@harlie.bfd.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk



On Mon, 3 Mar 1997, Brandon Gillespie wrote:

> What options need to be on/off for a firewall?  do I define a default
> gateway?  what is it?  I know I turn on 'firewall'--do I set a routing
> daemon?

1: recompile a kernel with "options IPFIREWALL"
2: edit /etc/sysconfig for the following lines
	firewall=YES
	gateway=YES
3: edit /etc/rc.firewall to comply with your security plan.
4: reboot, and test thoroughly.  best done at the console, in case you
missed something and can now no longer get into the machine (I did that
once on a machine 2000 miles away).

step 2 assumes static routing, which I prefer on firewalls.  If you need
to use dynamic routing, rather than setting gateway to yes, you'll set
router to the type of router you plan on using.