From: Chris Hodgins
Date: Sun, 20 Feb 2005 18:24:54 +0000
To: SigmaX
cc: freebsd-questions@freebsd.org
Subject: Re: IPFW config
Message-ID: <4218D5F6.3070803@cis.strath.ac.uk>
In-Reply-To: <421A21F4.1050509@cwazy.co.uk>

SigmaX wrote:
> Heya;
> I have a FreeBSD 5.3 server that I access over SSH. I followed the
> handbook guide to loading the ipfw kernel module to set up a firewall. I
> made the mistake the other day of loading the firewall, which defaults
> to block all, and rebooting, so I couldn't get into the system again
> (Had to drive in and fix it :-P). Anyway, what I need to know is how to
> edit the ruleset manually BEFORE enabling the firewall. I need to set
> the rules, then load the kernel module, not vice versa. I've never
> dealt with ipfw without webmin, so I need some explicit answers :-).
> What I need to do is this:
>
> Set IPFW to allow traffic on ports 80, 10000, and 23 (That's the default
> SSH port, right?)
> Then start IPFW with the kernel module (I know how to do this)
>
> Thanx,
> SigmaX
>

You can put your rules in /etc/rc.firewall. This is executed at startup.
See rc(8) and rc.conf(5).

Chris
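
Added example, not part of the original thread: a rules file in the form `ipfw <file>` reads, plus a preflight check that an allow rule for a port is reached before any blanket deny, which is the lockout described in the question. The path /etc/ipfw.rules, the rule numbers and the helper names are assumptions, the ruleset is constructed, and SSH is taken to be on TCP 22 (sshd's default port).

```sh
#!/bin/sh
# Added example (not from the thread). Rule numbers, helper names and the
# /etc/ipfw.rules path are assumptions; the ruleset below is constructed.
#
# To load it at boot, rc.conf(5) would carry:
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"

# Write the ruleset in the form "ipfw <file>" reads: one command per line,
# without the leading "ipfw".
write_rules() {
    cat > "$1" <<'EOF'
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to me 22 setup keep-state
add 310 allow tcp from any to me 80 setup keep-state
add 320 allow tcp from any to me 10000 setup keep-state
add 400 allow ip from me to any keep-state
add 65000 deny ip from any to any
EOF
}

# Succeed only if, walking the rules in rule-number order (the order ipfw
# evaluates them), an "allow tcp ... to <dst> PORT" rule is reached before
# the first blanket "deny ... from any to any". A file with no matching
# allow rule fails too, since the default block-all then applies.
port_reachable() {
    file=$1
    port=$2
    grep '^add [0-9]' "$file" | sort -k2,2n | awk -v port="$port" '
        $3 == "deny" && /from any to any$/ { exit }
        $3 == "allow" && $4 == "tcp" {
            for (i = 6; i < NF; i++)
                if ($(i-1) == "to" && $(i+1) == port) { ok = 1; exit }
        }
        END { exit (ok ? 0 : 1) }'
}

# Demo: lint a temporary copy before anything is loaded into the kernel.
tmp=$(mktemp)
write_rules "$tmp"
for p in 22 80 10000; do
    port_reachable "$tmp" "$p" && echo "port $p: allowed before the blanket deny"
done
rm -f "$tmp"
```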