From: Dominic Marks
Organization: Student
To: Martin Schweizer
Cc: freebsd-stable@freebsd.org
Subject: Re: IPFirewall
Date: Sun, 19 Aug 2001 19:43:54 +0100

Hi,

On Sunday 19 August 2001 7:18 pm, you wrote:
> Hello
>
> I want to use IPFirewall on my freebsd4.3-box. I read the handbook (chapter
> 9.7.3 and following) and I also set the kernel options and re-compiled the
> kernel. My questions:
> - rc.conf: Do I need an entry for starting? If yes, which?

Yes. See man rc.conf and /etc/defaults/rc.conf for listings on what options are
available. (NOTE: Do not edit /etc/defaults/rc.conf).

> - After these steps I can't connect over my ppp dialup to the Internet.
> After I set "ipfw add allow all from any to any" it works. Why is that?

Your firewall is set to deny by default.

> - If I reboot all my rules are blown away. How can I make them resistant?

Make your own firewall configuration file, e.g. /etc/my.firewall, and then set
your rules in that (it should be a shell script). Examine /etc/rc.firewall for
inspiration or use one of the standard settings predefined for you in
/etc/rc.firewall.

> - If I want to allow all from my freebsd-box to outside and deny all from
> outside to my freebsd-box, which rule is correct ("ipfw add allow all from
> localhost to any" won't work)? Why?

localhost is not what you think it is. Literally localhost means the IP address
127.0.0.1. In this role it is not literally your computer but your computer's
loopback interface, which can only send and receive to and from itself.

You should use the 'me' keyword (see man 8 ipfw) to represent your machine.

eg: ipfw add allow all from me to any

>
> Thank you in advance.

HTH
-- 
Dominic
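
Added example, not part of the original message: one way to write the /etc/my.firewall script suggested in the reply, so that the host can talk out while unsolicited inbound traffic reaches the default deny. The rule numbers, the fw_rules function name and the stateful check-state/keep-state approach are this example's choices, and the rc.conf entries in the comments are assumptions to verify against /etc/defaults/rc.conf on your release.

```shell
#!/bin/sh
# /etc/my.firewall -- added example, not from the original thread.
# Assumed rc.conf entries (see rc.conf(5) and /etc/defaults/rc.conf):
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall"

# fw_rules CMD: issue the ruleset through CMD (e.g. "/sbin/ipfw -q").
fw_rules() {
    fw="$1"

    # Start from an empty list so a reload never stacks duplicate rules.
    $fw -f flush

    # Loopback: 127.0.0.1 is only valid on lo0, never on ppp or ethernet.
    $fw add 100 allow all from any to any via lo0
    $fw add 200 deny all from any to 127.0.0.0/8
    $fw add 300 deny all from 127.0.0.0/8 to any

    # Replies to connections this host opened match dynamic state here.
    $fw add 400 check-state

    # Outbound only: 'me' is any address configured on this machine,
    # so it follows the dynamic address of a ppp dial-up link.
    $fw add 500 allow tcp from me to any setup keep-state
    $fw add 510 allow udp from me to any keep-state
    $fw add 520 allow icmp from me to any keep-state

    # No "from any to me" rule: unsolicited inbound traffic falls
    # through to the kernel's default deny (rule 65535).
}

# Load the rules only where ipfw exists (i.e. on the FreeBSD box).
if [ -x /sbin/ipfw ]; then
    fw_rules "/sbin/ipfw -q"
fi
```

Once these rules load at boot, the temporary "allow all from any to any" rule from the question is no longer needed.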