Date: Mon, 9 Oct 2000 19:50:54 -0500
From: David Drum <david@mu.org>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: ipf vs. ipfw ?
Message-ID: <20001009195054.A73207@elvis.mu.org>
In-Reply-To: <20001009193445.T31338@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Mon, Oct 09, 2000 at 07:34:45PM +0200
References: <20001008224359.R31338@speedy.gsinet> <Pine.BSF.4.21.0010082235080.3908-100000@turtle.looksharp.net> <20001009193445.T31338@speedy.gsinet>

Quoth Gerhard Sittig:

> BTW: Did anyone miss the possibility to use (shell like) variables
> in ipf rules, too? Is there someone who did something to achieve this?

It isn't pretty, but I use:

    firewall_type="/etc/ipfw.conf"
    firewall_flags="-p/etc/ipfw.preproc.sh -DIP=1.2.3.4"

in /etc/rc.conf. Then, /etc/ipfw.preproc.sh contains:

    #!/bin/sh
    # Pass the flags given after -p (here -DIP=1.2.3.4) through to cpp unchanged.
    cpp -P "$@" | grep '[a-z]'

The grep suppresses blank lines that would otherwise confuse ipfw. Last but not least, /etc/ipfw.conf looks like this:

    add deny ip from IP to any in
    add allow icmp from any to IP icmptype 0,3,8,11
    add allow icmp from IP to any

etc. I've only provided a few rules as an example. ipfw -a list gives:

    0300 0 0 deny ip from 1.2.3.4 to any in
    1900 0 0 allow icmp from any to 1.2.3.4 icmptype 0,3,8,11
    2000 0 0 allow icmp from 1.2.3.4 to any

Regards,

David Drum
david@mu.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
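
Added example, not part of the message above: a pre-load check for the cpp-based setup it describes, which rejects a ruleset when a macro was left unexpanded (for instance because a -D flag is missing from firewall_flags). The function names, the LAN macro and the sample rules are constructed for illustration, and the check assumes macros are written in all-uppercase while the rules themselves are lowercase.

```shell
#!/bin/sh
# Added example; function names and sample rules are constructed.

# Same pipeline as /etc/ipfw.preproc.sh: expand macros, drop blank lines.
preprocess() {
    cpp -P "$@" | grep '[a-z]'
}

# Report every all-uppercase word left in the rules read from stdin.
# Returns 0 when the rules are clean, 1 when a macro was not expanded.
find_unexpanded() {
    awk '
        BEGIN { bad = 0 }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[A-Z_][A-Z0-9_]*$/) {
                    printf "line %d: unexpanded macro %s\n", NR, $i
                    bad = 1
                }
        }
        END { exit bad }
    '
}

# Constructed ruleset using two macros, IP and LAN.
sample_rules() {
    cat <<'EOF'
add deny ip from IP to any in
add allow icmp from any to IP icmptype 0,3,8,11

add allow ip from LAN to IP
EOF
}

# Demonstration, run only where cpp is installed. LAN is deliberately left
# undefined, so the check flags it before the rules would reach ipfw.
if command -v cpp >/dev/null 2>&1; then
    sample_rules | preprocess -DIP=1.2.3.4 | find_unexpanded \
        || echo "ruleset rejected: not loading"
fi
```

Without such a check, an undefined macro reaches ipfw as a literal word in the address position of the rule.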