Date:      Wed, 22 Aug 2001 06:11:16 +0100
From:      "Martin Schweizer" <info@pc-service.ch>
To:        "Dominic Marks" <dominic_marks@btinternet.com>
Cc:        <freebsd-stable@freebsd.org>
Subject:   Re: IPFirewall
Message-ID:  <004a01c12aca$342ded30$6502a8c0@server>
References:  <20010819201824.A330@pc-service.ch> <20010819184355.2724460E@host213-123-129-118.in-addr.btopenworld.com>

Hello Dominic

I'm testing...

Thank you.

Regards,
Martin

--
PC-Service M. Schweizer
Gewerbehaus Schwarz
CH-8608 Bubikon
Tel: 055 243 30 00
Fax: 055 243 33 22
www.pc-service.ch

----- Original Message -----
From: "Dominic Marks" <dominic_marks@btinternet.com>
To: "Martin Schweizer" <info@pc-service.ch>
Cc: <freebsd-stable@freebsd.org>
Sent: Sunday, August 19, 2001 7:43 PM
Subject: Re: IPFirewall


> Hi,
>
> On Sunday 19 August 2001 7:18 pm, you wrote:
> > Hello
> >
> > I want to use IPFirewall on my freebsd4.3-box. I read the handbook (chapter
> > 9.7.3 and following) and I also set the kernel options and re-compiled the
> > kernel. My questions:
> > - rc.conf: Do I need an entry for starting? If yes, which?
>
> Yes. See man rc.conf and /etc/defaults/rc.conf for listings on what options
> are available. (NOTE: Do not edit /etc/defaults/rc.conf).
>
> > - After these steps I can't connect over my ppp dialup to the Internet.
> > After I set "ipfw add allow all from any to any" it works. Why is that?
>
> Your firewall is set to deny by default.
>
> > - If I reboot, all my rules are blown away. How can I make them resistant?
>
> Make your own firewall configuration file, eg: /etc/my.firewall, and then set
> your rules in that (it should be a shell script). Examine /etc/rc.firewall for
> inspiration or use one of the standard settings predefined for you in
> /etc/rc.firewall.
>
> > - If I want to allow all from my freebsd-box to outside and deny all from
> > outside to my freebsd-box, which rule is correct ("ipfw add allow all from
> > localhost to any" won't work)? Why?
>
> localhost is not what you think it is. Literally localhost means the IP
> address 127.0.0.1. In this role it is not literally your computer but your
> computer's loopback interface, which can only send and receive to and from
> itself.
>
> You should use the 'me' keyword (see man 8 ipfw) to represent your machine.
>
> eg: ipfw add allow all from me to any
>
> >
> > Thank you in advance.
>
> HTH
>
> --
> Dominic
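
Added example, not part of the original thread: a rules script of the kind suggested above for /etc/my.firewall. With a default-deny firewall, a plain "allow all from me to any" still drops the replies coming back in, so this sketch uses ipfw's dynamic rules (check-state / keep-state) to admit only traffic belonging to connections the box opened itself. Assumptions: the installed ipfw supports 'me', check-state and keep-state; the rule numbers, the function names and the FWCMD override are illustrative.

```sh
#!/bin/sh
# /etc/my.firewall (path taken from the thread). Enable it in /etc/rc.conf,
# not in /etc/defaults/rc.conf, with:
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall"
# Assumption: this ipfw supports 'me', check-state and keep-state.

fwcmd="${FWCMD:-/sbin/ipfw -q}"

# The ruleset, one rule per line: rule number, then the rule body.
ruleset() {
    cat <<'EOF'
100 allow all from any to any via lo0
200 check-state
300 allow tcp from me to any setup keep-state
400 allow udp from me to any keep-state
65000 deny all from any to any
EOF
}

# Flush whatever is loaded, then add the rules above in order.
load_ruleset() {
    $fwcmd -f flush
    ruleset | while read -r rule; do
        # $rule is unquoted on purpose so it splits into ipfw arguments.
        $fwcmd add $rule
    done
}

# Only touch the packet filter on a host that actually has ipfw.
if [ -x /sbin/ipfw ]; then
    load_ruleset
fi
```

Rule 200 matches packets against the dynamic rules created by 300 and 400, which is what lets replies through while unsolicited inbound traffic falls to rule 65000.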



