From: David Drum
To: freebsd-stable@FreeBSD.ORG
Date: Mon, 9 Oct 2000 19:50:54 -0500
Subject: Re: ipf vs. ipfw ?
Message-ID: <20001009195054.A73207@elvis.mu.org>
References: <20001008224359.R31338@speedy.gsinet> <20001009193445.T31338@speedy.gsinet>
In-Reply-To: <20001009193445.T31338@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Mon, Oct 09, 2000 at 07:34:45PM +0200

Quoth Gerhard Sittig:

> BTW: Did anyone miss the possibility to use (shell like) variables
> in ipf rules, too? Is there someone who did something to achieve this?

It isn't pretty, but I use:

    firewall_type="/etc/ipfw.conf"
    firewall_flags="-p/etc/ipfw.preproc.sh -DIP=1.2.3.4"

in /etc/rc.conf. Then, /etc/ipfw.preproc.sh contains:

    #!/bin/sh
    # Expand the -D macros with cpp, then drop lines with no lowercase letters.
    cpp -P "$@" | grep '[a-z]'

The grep suppresses blank lines that would otherwise confuse ipfw. Last but
not least, /etc/ipfw.conf looks like this:

    add deny ip from IP to any in
    add allow icmp from any to IP icmptype 0,3,8,11
    add allow icmp from IP to any

etc. I've only provided a few rules as an example. ipfw -a list gives:

    0300 0 0 deny ip from 1.2.3.4 to any in
    1900 0 0 allow icmp from any to 1.2.3.4 icmptype 0,3,8,11
    2000 0 0 allow icmp from 1.2.3.4 to any

Regards,

David Drum
david@mu.org
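The preprocessing step from the message above with a pre-load check added, as an example that is not part of the original post: it refuses a ruleset in which a macro such as IP was left unexpanded (for instance because its -D flag was dropped from firewall_flags). The `-undef` option, the `check_rules` helper and the constructed rule file are assumptions of this example, not something the post uses.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a GCC- or Clang-style cpp.

# preprocess [-DNAME=value ...] FILE: the post's pipeline, plus -undef so the
# preprocessor's own predefined macros (such as unix on some systems) cannot
# rewrite rule text.
preprocess() {
    cpp -P -undef "$@" | grep '[a-z]'
}

# check_rules NAME...: read expanded rules on stdin and fail if any macro
# name survives as a whole token, e.g. because its -D flag was forgotten.
# (Hypothetical helper; diagnostics go to stderr.)
check_rules() {
    awk -v names="$*" '
        BEGIN { n = split(names, macro, " "); bad = 0 }
        {
            line = $0
            gsub(/[^A-Za-z0-9_]+/, " ", line)   # IP/24 becomes "IP 24"
            m = split(line, tok, " ")
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (tok[i] == macro[j]) {
                        printf "line %d: unexpanded %s: %s\n", NR, macro[j], $0
                        bad = 1
                    }
        }
        END { exit bad }
    ' >&2
}

# Demo on a constructed rule file; skipped when cpp is not installed.
if command -v cpp >/dev/null 2>&1; then
    rules=$(mktemp)
    printf 'add deny ip from IP to any in\nadd allow icmp from IP to any\n' > "$rules"
    preprocess -DIP=1.2.3.4 "$rules" | check_rules IP && echo "expanded: safe to load"
    preprocess "$rules" | check_rules IP || echo "IP undefined: refused"
    rm -f "$rules"
fi
```

The match is case-sensitive, so the lowercase protocol keyword `ip` in a rule is not mistaken for the `IP` macro.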