From: Neil Fryer
Organization: MIP Holdings
To: "default013 - subscriptions"
Subject: Re: IPFW newbie
Date: Tue, 19 Jun 2001 09:15:11 +0200
Sender: owner-freebsd-security@FreeBSD.ORG

'ello again

Ok, if you have a look at LINT, there's something in there that says add an entry to rc.conf, something along the lines of FIREWALL_TYPE=open, or something like that, and then when you reboot you'll be allowed access. You can then just remove this option when all your rules are in place.

Alternatively, you could write some rules to allow you to ssh into your box, and save them in a script, and then in /etc/defaults/rc.conf, set the file for ipfw to read, and then voila!

Cheers

Neil Fryer
neilf@mip.co.za

On Tue, 19 Jun 2001, default013 - subscriptions wrote:
> Hi,
>
> I'm about to compile IPFW into the kernel for the first time... and just had
> a quick question... also, if anyone has any tips I would appreciate it.
> (this is going to be used on a webserver that runs everything from apache to
> shoutcast...)
>
> I am going to compile it in using this option:
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> My question is, I connect to my box using an SSH session. The default for
> IPFW is not to accept connections correct? So after my machine reboots with
> these new rules in place, will I have to set the IPFW rules in place so that
> I can once again open an SSH session to it again? Or how does that work...
>
> Thanks
>
> Jordan

--
"Against stupidity, even the Gods struggle in vain."
- Friedrich von Schiller

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
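
A pre-reboot check for the second suggestion above (a rules file that lets SSH in), as an added example that is not part of the original message: it reads a rules file with first-match semantics and reports which rule decides a new inbound TCP connection to port 22. Assumptions: every rule line has the form `add NUMBER action ...` with numeric ports, only rules whose source is `any` are considered, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): which rule in an ipfw rules file
# decides a NEW inbound TCP connection to port 22?
# Assumed input: "add NUM action [log] proto from SRC to DST [PORTS] [opts]"
# with explicit rule numbers and numeric ports. Prints "<verdict> <rule>".
first_ssh_verdict() {
    awk '
    function has22(list,   n, parts, k, r) {
        n = split(list, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, "-") == 2) {
                if (r[1] + 0 <= 22 && 22 <= r[2] + 0) return 1
            } else if (parts[k] + 0 == 22) return 1
        }
        return 0
    }
    $1 != "add" || $2 !~ /^[0-9]+$/ { next }
    {
        num = $2 + 0; act = $3; i = 4
        if ($i == "log") i++
        if ($i != "tcp" && $i != "ip" && $i != "all") next
        if ($(i + 1) != "from" || $(i + 2) != "any") next
        i += 3
        while (i <= NF && $i != "to") i++        # skip source ports
        dst = $(i + 1)
        if (dst != "any" && dst != "me") next
        i += 2
        if (i <= NF && $i ~ /^[0-9]/) {          # destination port list
            if (!has22($i)) next
            i++
        }
        for (j = i; j <= NF; j++) {              # options a remote SYN cannot satisfy
            if ($j == "established" || $j == "out") next
            if (($j == "via" || $j == "recv") && $(j + 1) ~ /^lo/) next
        }
        if (act ~ /^(allow|accept|pass|permit)$/) v = "allow"
        else if (act ~ /^(deny|drop|reject|reset)$/) v = "deny"
        else next
        if (best == "" || num < bestnum) { best = v; bestnum = num }
    }
    # No match falls through to rule 65535 (deny unless the kernel was
    # built with IPFIREWALL_DEFAULT_TO_ACCEPT).
    END { if (best == "") print "default 65535"; else print best, bestnum }
    ' "$1"
}

# Exit status 0 only when an explicit allow rule wins.
ssh_survives() {
    case "$(first_ssh_verdict "$1")" in allow*) return 0 ;; *) return 1 ;; esac
}
```

Run `ssh_survives` against the rules file before rebooting into the new kernel; a `deny` or `default` verdict means the SSH session would not come back.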