Date: Sun, 2 Mar 2003 23:14:38 +0100
From: Yann Berthier <yb@sainte-barbe.org>
To: freebsd-ipfw@freebsd.org
Subject: Re: Starting out with IPFW on 5.0
Message-ID: <20030302221438.GC768@hsc.fr>
In-Reply-To: <200303011619.h21GJVtY071364@nic-naa.net>
References: <200303011619.h21GJVtY071364@nic-naa.net>

On Sat, 01 Mar 2003, Eric Brunner-Williams in Portland Maine wrote:
> Hi,
>
> I recently installed 5.0 on a set of boxes I'm deploying as part of an ISP.
>
> I'd like to install packet filter rule sets on these.
>
> I'm stumped by the change in device creation. In simpler times, MAKEDEV
> wrapped the mknod(8) dirty work. This apparently isn't the case now.
>
> So, from the 5.0 source (no cvsup), I've made the following changes to
> GENERIC:
>
> > # Firewall
> > options IPFIREWALL #firewall
> > options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> > options IPFIREWALL_FORWARD #enable transparent proxy support
> > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> > options IPFIREWALL_DEFAULT_TO_ACCEPT #use ipf to close, not open
> >
> > # Do not decrement the ttl, hide firewall from traceroute class tools
> > options IPSTEALTH #support for stealth forwarding
>
> This builds and runs, but there are no devices -- /dev/{ipauth,ipl,ipstate},
> so I've missed substantial clue.

What do you want to use to do IP filtering? With the options in your
kernel file, it seems you want to use ipfw, so it's quite normal that
there is no /dev/{ipauth,ipl,ipstate}. If you want to use ipfilter,
add options IPFILTER and IPFILTER_LOG; the dev entries will be
created accordingly.

As for MAKEDEV, this is no longer relevant in 5 land. You should
really read UPDATING, btw, before considering deploying it in a
production environment.

regards,

- yann
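
Added example, not part of the original message and not FreeBSD project code: a small sh script that reads a kernel configuration file and reports which packet filter its options select, and whether ipfw's final rule will accept or deny. The sample config is constructed from the options quoted in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which packet filter does a FreeBSD kernel config enable?
# Option names are those quoted in the thread; function names are hypothetical.

# Print active (uncommented) "options" names, one per line, values stripped.
active_options() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "options" { sub(/=.*/, "", $2); print $2 }'
}

# has_option FILE NAME: succeed if NAME is an active option in FILE.
has_option() {
    active_options "$1" | grep -qx "$2"
}

# Report the filter choice: ipfw, ipfilter, both or none.
# Per the reply, /dev/{ipauth,ipl,ipstate} only appear with IPFILTER.
filter_summary() {
    f=none
    has_option "$1" IPFIREWALL && f=ipfw
    if has_option "$1" IPFILTER; then
        if [ "$f" = ipfw ]; then f=both; else f=ipfilter; fi
    fi
    echo "$f"
}

# ipfw's last rule denies everything unless IPFIREWALL_DEFAULT_TO_ACCEPT
# is compiled in, in which case unmatched traffic is allowed.
ipfw_default_policy() {
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo accept
    else
        echo deny
    fi
}

# Constructed sample mirroring the options quoted in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #use ipf to close, not open
options IPSTEALTH #support for stealth forwarding
#options IPFILTER
EOF
echo "filter: $(filter_summary "$sample")"
echo "ipfw default policy: $(ipfw_default_policy "$sample")"
```

On the sample this reports ipfw with an accept default, so any traffic not matched by an explicit ipfw rule passes, and no ipfilter device nodes should be expected.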
