Date:      Mon, 6 Jul 1998 20:49:13 +1200
From:      "Dan Langille" <junkmale@xtra.co.nz>
To:        freebsd-questions@FreeBSD.ORG
Cc:        Julian Elischer <julian@whistle.com>
Subject:   Re: using IPFW as a firewall
Message-ID:  <199807060849.UAA17014@cyclops.xtra.co.nz>
In-Reply-To: <Pine.BSF.3.95.980705214223.11619F-100000@current1.whistle.com>
References:  <199807060226.OAA25536@cyclops.xtra.co.nz>

On 5 Jul 98, at 21:42, Julian Elischer wrote:

> see /etc/rc.firewall.
> 
> 
> On Mon, 6 Jul 1998, Dan Langille wrote:
> 
> > I've started playing around with IPFW in order to boost up the
> > protection around my home network.  I've seen some recommendations as to
> > what to filter out, but I haven't seen many explicit examples of what
> > rules will make up a nice simple firewall.

Well, I'm finally getting somewhere.  I've chosen the simple firewall.  But 
three rules within /etc/rc.firewall must be commented out in order for 
some stuff to work.  Can anyone educate me as to why these rules 
prevent ping, news, mail, etc from running on machines on my home 
network?  Those sections of rc.firewall appear below.

---
# Stop RFC1918 nets on the outside interface
$fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}

# Allow TCP through if setup succeeded
$fwcmd add pass tcp from any to any established

# Allow setup of any other TCP connection
$fwcmd add pass tcp from any to any setup
---

I'm also running natd.  Where's the best place to put the rules pertaining 
to natd?  e.g.  add divert natd all from any to any via ed0
I can't put them in rc.firewall as natd doesn't seem to be active at that 
time.

--
Dan Langille
DVL Software Limited
http://www.dvl-software.com : for race timing solutions
