Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 23 Feb 2006 19:16:20 +0000 (UTC)
From:      Daniel Gerzo <danger@rulez.sk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   docs/93764: [patch] addition to firewalls section - ipfw
Message-ID:  <20060223191620.9620D483F6A@tomas.elvandar.org>
Resent-Message-ID: <200602231920.k1NJK4tk030494@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         93764
>Category:       docs
>Synopsis:       [patch] addition to firewalls section - ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 23 19:20:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Gerzo
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
rulez.sk
>Environment:
System: FreeBSD 6.1-PRERELEASE #0: Wed Feb 15 02:22:30 CET 2006 root@redqueen.elvandar.org:/usr/obj/usr/src/sys/REDQUEEN i386
>Description:
>How-To-Repeat:
>Fix:

--- ipfw.diff begins here ---
--- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig	Wed Feb 15 18:10:07 2006
+++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml	Wed Feb 22 10:00:23 2006
@@ -2283,7 +2283,50 @@
 
       <para>Set the script to run to activate your rules:</para>
 
-      <programlisting>firewall_script="/etc/ipfw.rules"</programlisting>
+      <programlisting>firewall_script="/etc/rc.firewall"</programlisting>
+
+      <para>Set the type of firewall.  This enables a simple pre-set
+	ruleset for <application>IPFW</application>:</para>
+      
+      <programlisting>firewall_type="open"</programlisting>
+
+      <para>Available values for this setting are:</para>
+
+      <itemizedlist>
+	<listitem>
+	  <para><literal>open</literal> &mdash; allow anyone in.</para>
+	</listitem>
+	<listitem>
+	  <para><literal>client</literal> &mdash; will protect only this
+	    machine.</para>
+	</listitem>
+	<listitem>
+	  <para><literal>simple</literal> &mdash; protect the whole
+	    network.</para>
+	</listitem>
+	<listitem>
+	  <para><literal>closed</literal> &mdash; entirely disables IP
+	    services except via lo0 interface.</para>
+	</listitem>
+	<listitem>
+	  <para><literal>UNKNOWN</literal> &mdash; disables the loading
+	    of firewall rules.</para>
+	</listitem>
+	<listitem>
+	  <para><replaceable>filename</replaceable> &mdash; will load the rules
+	    in the given filename (full path required).</para>
+	</listitem>
+      </itemizedlist>
+
+      <note>
+	<para>If <literal>firewall_type</literal> is set either to
+	  <literal>client</literal> or <literal>simple</literal>, the
+	  default rules found in <filename>/etc/rc.firewall</filename>
+	  should be reviewed to fit to the setup of the given machine.
+	  Also note, that the examples used in this chapter expect that
+	  the <literal>firewall_type</literal> is set to
+	  <filename>/etc/ipfw.rules</filename>.</para>
+      </note>
 
       <para>Enable logging:</para>
 
--- ipfw.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060223191620.9620D483F6A>