Delivered-To: freebsd-security@freebsd.org
From: "Thomas T. Veldhouse"
To: "default013 - subscriptions"
Subject: Re: IPFW newbie
Date: Tue, 19 Jun 2001 08:50:00 -0500

You will want to override the rules in /etc/defaults/rc.conf so that your firewall is enabled. I then suggest you write your own firewall script (in /etc/rc.conf, firewall_script="/etc/my.firewall.script") and set up the rules you want. Read through the existing /etc/rc.firewall script and you will learn a lot. Then use the manpage for ipfw and you will learn a lot more.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "default013 - subscriptions"
Sent: Tuesday, June 19, 2001 2:11 AM
Subject: IPFW newbie

> Hi,
>
> I'm about to compile IPFW into the kernel for the first time... and just had
> a quick question... also, if anyone has any tips I would appreciate it.
> (this is going to be used on a webserver that runs everything from apache to
> shoutcast...)
>
> I am going to compile it in using this option:
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> My question is, I connect to my box using an SSH session. The default for
> IPFW is not to accept connections, correct? So after my machine reboots with
> these new rules in place, will I have to set the IPFW rules in place so that
> I can once again open an SSH session to it again? Or how does that work...
>
> Thanks
>
> Jordan
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
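
A sketch of the kind of custom script the reply suggests, added here as an example and not part of the thread: it admits SSH and web traffic before a final deny, so a reboot with the firewall enabled does not cut off remote access. The port numbers, rule numbers and the print-only fallback are assumptions; the script path and rc.conf variable come from the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical contents for the
# /etc/my.firewall.script named in the reply, enabled in /etc/rc.conf with:
#   firewall_enable="YES"
#   firewall_script="/etc/my.firewall.script"
# Port choices and the print-only fallback are assumptions.

FWCMD="${FWCMD:-/sbin/ipfw}"
# Where ipfw is not installed, print the commands instead of running them.
[ -x "${FWCMD}" ] || FWCMD="echo ipfw"

SSH_PORT=22          # assumed: sshd on the default port
WEB_PORTS="80,443"   # assumed: Apache; add other service ports as needed

build_rules() {
    # -q keeps flush silent: when the script is rerun over SSH, a message
    # printed after the flush cannot reach the remote login, which closes
    # the session before the remaining rules are loaded.
    ${FWCMD} -q -f flush
    ${FWCMD} -q add 100 allow ip from any to any via lo0
    # Packets of already-open TCP connections, including the current SSH one.
    ${FWCMD} -q add 200 allow tcp from any to any established
    # New inbound SSH: without this, the default deny locks out remote admins.
    ${FWCMD} -q add 300 allow tcp from any to me ${SSH_PORT} setup
    ${FWCMD} -q add 400 allow tcp from any to me ${WEB_PORTS} setup
    # Connections the server itself opens, plus stateful DNS lookups.
    ${FWCMD} -q add 500 allow tcp from me to any setup
    ${FWCMD} -q add 510 allow udp from me to any 53 keep-state
    # Explicit logged deny; each logging rule stops logging after
    # IPFIREWALL_VERBOSE_LIMIT matches.
    ${FWCMD} -q add 65000 deny log ip from any to any
}

build_rules
```

Run it on a machine without ipfw to preview the rule order; on the server, check the loaded set with `ipfw list` from a console session before relying on it remotely.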