Date: Sat, 15 Jan 2000 18:05:05 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: dave@leask.net (David W. Leask) Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Ipfw kernel reconfig necessary? Message-ID: <200001152305.SAA53148@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <NDBBJHMBGELLPJPNKEBKAEDDCDAA.dave@leask.net> from "David W. Leask" at "Jan 15, 2000 11:21:38 am"
next in thread | previous in thread | raw e-mail | index | archive | help
David W. Leask wrote, [Charset iso-8859-1 unsupported, filtering to ASCII...] > I am getting ready to convert my filtering router from Linux to FreeBSD and > I have a couple questions. According to the handbook, a kernel recompile is > needed to enable ipfw. Is this true for FreeBSD 3.4 Release? Yes. > I'm assuming > its already in the kernel and I just need to set the firewall type in > /etc/rc.conf. No. Why are you assuming that? > It looks like /etc/rc.firewall wants a firewall_type defined. > Is there any more current info other than the handbook? The "firewall_type" just tells rc.firewall what set of default rules to use, but... > If someone knows of a conversion chart or script for transitioning from > ipchains to ipfw this would also be very helpful. Since you will be creating your own set of rules, it is probably a moot point. Unless you have a _long_ set of rules, converting them from IPCHAINS to IPFW should not be too daunting of a task to do by hand. However, there may be awk or Perl scripts out there to do it. But since IPCHAINS has the whole concept of "chains" that IPFW does not, automating the process would be tough. Once you have created your own set of rules, I would suggest putting them in a file called something like, /etc/rc.firewall.local or /etc/rc.firewall.<hostname>, and change the "firewall_script" variable accordingly in /etc/rc.conf. Then forget about "firewall_type." -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001152305.SAA53148>