Date: Wed, 22 Aug 2001 06:11:16 +0100
From: "Martin Schweizer" <info@pc-service.ch>
To: "Dominic Marks" <dominic_marks@btinternet.com>
Cc: <freebsd-stable@freebsd.org>
Subject: Re: IPFirewall
Message-ID: <004a01c12aca$342ded30$6502a8c0@server>
References: <20010819201824.A330@pc-service.ch> <20010819184355.2724460E@host213-123-129-118.in-addr.btopenworld.com>

Hello Dominic

I'm testing... Thank you.

Regards,

Martin

--
PC-Service M. Schweizer
Gewerbehaus Schwarz
CH-8608 Bubikon
Tel: 055 243 30 00
Fax: 055 243 33 22
www.pc-service.ch

----- Original Message -----
From: "Dominic Marks" <dominic_marks@btinternet.com>
To: "Martin Schweizer" <info@pc-service.ch>
Cc: <freebsd-stable@freebsd.org>
Sent: Sunday, August 19, 2001 7:43 PM
Subject: Re: IPFirewall

> Hi,
>
> On Sunday 19 August 2001 7:18 pm, you wrote:
> > Hello
> >
> > I want to use IPFirewall on my freebsd4.3-box. I read the handbook (chapter
> > 9.7.3 and following) and I also set the kernel options and re-compiled the
> > kernel. My questions:
> > - rc.conf: Do I need an entry for starting? If yes, which?
>
> Yes. See man rc.conf and /etc/defaults/rc.conf for listings on what options
> are available. (NOTE: Do not edit /etc/defaults/rc.conf).
>
> > - After these steps I can't connect over my ppp dialup to the Internet.
> > After I set "ipfw add allow all from any to any" it works. Why is that?
>
> Your firewall is set to deny by default.
>
> > - If I reboot all my rules are blown away. How can I make them resistant?
>
> Make your own firewall configuration file, eg: /etc/my.firewall and then set
> your rules in that (it should be a shell script). Examine /etc/rc.firewall for
> inspiration or use one of the standard settings predefined for you in
> /etc/rc.firewall.
>
> > - If I want to allow all from my freebsd-box to outside and deny all from
> > outside to my freebsd-box, which rule is correct ("ipfw add allow all from
> > localhost to any" won't work)? Why?
>
> localhost is not what you think it is. Literally localhost means the IP
> address 127.0.0.1. In this role it is not literally your computer but your
> computer's loopback interface, which can only send and receive to and from
> itself.
>
> You should use the 'me' keyword (see man 8 ipfw) to represent your machine.
>
> eg: ipfw add allow all from me to any
>
> >
> > Thank you in advance.
> >
>
> HTH
>
> --
> Dominic

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
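
An added example, not part of the original thread or of FreeBSD's own scripts: a small ruleset file of the kind described in the reply, which lets the machine's own traffic out, admits the replies through dynamic state, and denies everything else. The file name /etc/my.firewall comes from the thread; the rule numbers, the `load_rules` helper, the dry-run fallback and the use of `firewall_script` in rc.conf to point at the file are assumptions.

```sh
#!/bin/sh
# Constructed example: /etc/my.firewall (file name taken from the thread).
# Assumed /etc/rc.conf entries to load it at boot:
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall"

# Use ipfw when it is installed; otherwise print the commands (dry run).
# Override by setting fwcmd yourself, e.g. fwcmd="echo ipfw".
if [ -z "${fwcmd:-}" ]; then
    if [ -x /sbin/ipfw ]; then
        fwcmd="/sbin/ipfw -q"
    else
        fwcmd="echo ipfw"
    fi
fi

# load_rules is a hypothetical helper name; the rule numbers are arbitrary.
load_rules() {
    # Start from an empty ruleset so a reload never stacks duplicate rules.
    ${fwcmd} -f flush

    # Loopback: 127.0.0.1 lives on lo0 and never leaves the machine.
    ${fwcmd} add 100 allow ip from any to any via lo0
    # Packets claiming a loopback address on any other interface are forged.
    ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # Replies to connections this host opened match a dynamic rule here.
    ${fwcmd} add 400 check-state
    # 'me' matches any address configured on this host, including the ppp
    # address assigned at dial-up; keep-state records the flow for rule 400.
    ${fwcmd} add 500 allow ip from me to any keep-state

    # Explicit final deny, so the policy does not depend on how the
    # kernel's built-in default rule was compiled.
    ${fwcmd} add 65000 deny ip from any to any
}

load_rules
```

Without the check-state/keep-state pair, a lone "allow all from me to any" on a default-deny firewall lets requests out but drops the answers. Load a new ruleset from the console, since the flush also removes whatever rule was carrying a remote session.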