From: Neo-Vortex
To: brisbanebsd@mac.com
Cc: freebsd-security
Date: Tue, 7 Sep 2004 20:51:24 +1000 (EST)
Subject: Re: ipfw2 in 5.2.1
Message-ID: <20040907204931.C39262@Neo-Vortex.Ath.Cx>
In-Reply-To: <615788.1094553681580.JavaMail.brisbanebsd@mac.com>

On Tue, 7 Sep 2004 brisbanebsd@mac.com wrote:

> hi - this is my first post to this list so go easy on me! I am trying to
> find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports
> MAC address based firewalling. Situation is, I have a small externally
> managed VPN network, about 12 different subnets all terminating in my office
> location, and all managed by a tier 1 telco. Problem is, their CPE routers
> do not have any firewalling capability. I was going to try and place a
> freebsd box between this external network and my internal network and only
> allow traffic from known MAC addresses.
>
> I cannot find a lot of info on google on compiling the kernel for ipfw2,
> and there is no man page for ipfw2 only ipfw.

he he, that's because 5.2.1 uses ipfw2 by default... so yeah, when you
enable the firewall in the kernel, it's ipfw2 :P

easiest way is just run 'kldload ipfw', but yeah, make sure you're at the
console because it DEFAULTS TO CLOSED! (ie, all communication will stop),
and in case you need to quickly unload it, 'kldunload ipfw', you can compile
it in the kernel, but yeah, to get started you can just use kldload :P nice
and quick :P

> If this is the wrong list can someone please direct me to the right one. Ta.

~Neo-Vortex
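
The MAC-based filtering asked about in this thread, as an added example that is not part of the original message: a shell helper that validates a list of known MAC addresses and prints the ipfw2 commands to admit only those sources on one interface. The interface name `em0`, the rule numbers and the MAC values are constructed, and it assumes ipfw is already loaded as described in the reply.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Prints ipfw2 commands for a source-MAC allowlist so they can be
# reviewed before being run at the console.

# valid_mac MAC: succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE MAC...: prints the ruleset; returns 1 (and prints
# nothing on stdout) if any MAC is malformed.
gen_rules() {
    iface=$1; shift
    n=1000                      # constructed starting rule number
    # Validate everything first so a partial ruleset is never emitted.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # Layer-2 frames reach ipfw only when this sysctl is enabled.
    echo "sysctl net.link.ether.ipfw=1"
    for mac in "$@"; do
        # "MAC dst src": any destination, this source address.
        echo "ipfw add $n allow ip from any to any MAC any $mac layer2 in via $iface"
        n=$((n + 10))
    done
    # Frames from any other source MAC on the filtered interface are dropped.
    echo "ipfw add $n deny ip from any to any layer2 in via $iface"
    # Assumption: all other traffic is allowed; tighten to suit the site.
    echo "ipfw add 65000 allow ip from any to any"
}

# Constructed sample input: print the ruleset for two known MACs.
gen_rules em0 00:11:22:33:44:55 00:11:22:33:44:66
```

A layer2 rule matches the source MAC of the last hop on the wire, so traffic forwarded by a CPE router carries that router's MAC rather than the originating host's.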