From owner-freebsd-stable Tue Aug 21 21:17:51 2001
Message-ID: <004a01c12aca$342ded30$6502a8c0@server>
From: "Martin Schweizer"
To: "Dominic Marks"
References: <20010819201824.A330@pc-service.ch> <20010819184355.2724460E@host213-123-129-118.in-addr.btopenworld.com>
Subject: Re: IPFirewall
Date: Wed, 22 Aug 2001 06:11:16 +0100
Organization: PC-Service M. Schweizer
Sender: owner-freebsd-stable@FreeBSD.ORG

Hello Dominic

I'm testing...

Thank you.

Regards,

Martin

--
PC-Service M. Schweizer
Gewerbehaus Schwarz
CH-8608 Bubikon
Tel: 055 243 30 00
Fax: 055 243 33 22
www.pc-service.ch

----- Original Message -----
From: "Dominic Marks"
To: "Martin Schweizer"
Sent: Sunday, August 19, 2001 7:43 PM
Subject: Re: IPFirewall

> Hi,
>
> On Sunday 19 August 2001 7:18 pm, you wrote:
> > Hello
> >
> > I want to use IPFirewall on my freebsd4.3-box. I read the handbook (chapter
> > 9.7.3 and following) and I also set the kernel options and recompiled the
> > kernel. My questions:
> > - rc.conf: Do I need an entry for starting? If yes, which?
>
> Yes. See man rc.conf and /etc/defaults/rc.conf for listings of what options
> are available.
> (NOTE: Do not edit /etc/defaults/rc.conf).
>
> > - After these steps I can't connect over my ppp dialup to the Internet.
> > After I set "ipfw add allow all from any to any" it works. Why is that?
>
> Your firewall is set to deny by default.
>
> > - If I reboot, all my rules are blown away. How can I make them persistent?
>
> Make your own firewall configuration file, e.g. /etc/my.firewall, and then set
> your rules in that (it should be a shell script). Examine /etc/rc.firewall for
> inspiration or use one of the standard settings predefined for you in
> /etc/rc.firewall.
>
> > - If I want to allow all from my freebsd-box to outside and deny all from
> > outside to my freebsd-box, which rule is correct ("ipfw add allow all from
> > localhost to any" won't work)? Why?
>
> localhost is not what you think it is. Literally, localhost means the IP
> address 127.0.0.1. In this role it is not literally your computer but your
> computer's loopback interface, which can only send and receive to and from
> itself.
>
> You should use the 'me' keyword (see man 8 ipfw) to represent your machine.
>
> e.g.: ipfw add allow all from me to any
>
> >
> > Thank you in advance.
>
> HTH
>
> --
> Dominic

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
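
The advice in the reply above, put together as an added example that is not part of the original thread: a firewall script that survives reboots and allows only traffic the host itself starts. A lone allow rule from `me` passes outbound packets, but the replies still hit the default deny, so the sketch uses `check-state`/`keep-state`; the rule numbers, the ICMP handling and the dry-run fallback are assumptions.

```sh
#!/bin/sh
# /etc/my.firewall: the file name suggested in the thread; the rule numbers
# and the rule set itself are assumptions made for this example.
#
# Assumed /etc/rc.conf entries so the rules are loaded again at every boot:
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall"

fwcmd="/sbin/ipfw -q"
# Dry run: where ipfw is not installed, print the rules instead of loading them.
[ -x /sbin/ipfw ] || fwcmd="echo ipfw"

load_rules() {
    # Start from an empty rule set so reruns do not stack duplicate rules.
    ${fwcmd} -f flush

    # Loopback traffic stays on lo0; 127/8 arriving anywhere else is spoofed.
    ${fwcmd} add 100 allow all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8

    # Packets that belong to a connection this host opened match here.
    ${fwcmd} add 300 check-state

    # Outbound TCP and UDP from this host; keep-state creates the dynamic
    # rule that lets the replies back in through rule 300.
    ${fwcmd} add 400 allow tcp from me to any setup keep-state
    ${fwcmd} add 500 allow udp from me to any keep-state

    # Outbound ping, and only the ICMP replies and errors needed in return
    # (0 echo reply, 3 unreachable, 11 time exceeded).
    ${fwcmd} add 600 allow icmp from me to any icmptypes 8
    ${fwcmd} add 700 allow icmp from any to me icmptypes 0,3,11

    # Everything else, including unsolicited inbound traffic, is dropped.
    ${fwcmd} add 65000 deny all from any to any
}

load_rules
```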