Date: Tue, 3 Oct 2000 14:09:51 +1000
From: Troy Bell <troy@troysplace.net>
To: TeRrAc <terrac@cloudfactory.org>
Cc: FreeBSD IPFW list <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: IPFW + NAT, how do I slick this puppy up?
Message-ID: <20001003140951.A20062@optimus.troysplace.net>
In-Reply-To: <Pine.LNX.4.21.0010022049270.17474-100000@stratus.cloudfactory.org>; from terrac@cloudfactory.org on Mon, Oct 02, 2000 at 08:59:06PM -0700
References: <Pine.LNX.4.21.0010022049270.17474-100000@stratus.cloudfactory.org>

TeRrAc wrote:
> I have a freebsd 4.0 stable system running IPFW, NAT and DHCP. I want to
> make this machine as slick as possible. One thing that is currently
> buggered is that I do not have the rc.firewall file setup to automatically
> load my rules. My ruleset is minor.. extremely minor. It just allows
> everything from one side to the other. I want to be able to allow all
> traffic out, but not unsolicited traffic back in (if that makes any
> sense. Here is my ruleset..
> 00001 3550449 1697415913 divert 8668 ip from any to any via fxp0
> 00010 5466534 2771367031 allow ip from any to any
> 65535 360 38536 deny ip from any to any

Add this to /etc/rc.conf:

firewall_enable="YES"
firewall_type="/usr/local/etc/ipfw.rules"

Then create a ruleset using the above file. For example, your file might
look something like:

add 00005 divert 8668 ip from any to any via fxp0
add 00010 allow ip from any to any

I can email you a more robust ruleset to work with off-list that might get
you started on a neat little firewall for yourself if you like ;)

<snip>

I'm sure one of the other guys will provide a decent answer to your other
problem.

Kind regards,
--
Troy Bell                      troy@troysplace.net
Systems Administrator          http://troysplace.net/

Twisted mind? No, just bent in several strategic places :)
http://ars.userfriendly.org/cartoons/?id=20000928
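
Added example, not part of Troy Bell's message: a Python sketch that turns `ipfw show` output like the listing quoted above into the `add ...` lines a `firewall_type` rules file holds, and reports rules that pass all traffic unconditionally. The function names and the choice to leave rule 65535 out of the generated file are assumptions of this example.

```python
import re

# Constructed sample: the `ipfw show` listing quoted in the message above.
SAMPLE_SHOW = """\
00001 3550449 1697415913 divert 8668 ip from any to any via fxp0
00010 5466534 2771367031 allow ip from any to any
65535 360 38536 deny ip from any to any
"""

# 65535 is ipfw's default rule; assumption of this example: it is not
# written to the generated rules file.
DEFAULT_RULE = 65535

# Fields: rule number, packet counter, byte counter, rule body.
SHOW_LINE = re.compile(r"^\s*(\d{1,5})\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")
# allow/accept/pass/permit of any protocol between any hosts, with no
# interface, direction or state qualifier after it.
OPEN_ALLOW = re.compile(
    r"^(allow|accept|pass|permit)\s+(ip|all)\s+from\s+any\s+to\s+any$")


def parse_show(text):
    """Return [(number, packets, bytes, body)] from `ipfw show` output."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SHOW_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ipfw show line: {line!r}")
        num, pkts, byts, body = m.groups()
        rules.append((int(num), int(pkts), int(byts), body))
    return rules


def to_rules_file(rules):
    """Render rules as the lines of the file named by firewall_type."""
    return [f"add {num:05d} {body}"
            for num, _, _, body in rules if num != DEFAULT_RULE]


def open_allow_rules(rules):
    """Rule numbers that pass all traffic with no qualifier."""
    return [num for num, _, _, body in rules if OPEN_ALLOW.match(body)]


if __name__ == "__main__":
    parsed = parse_show(SAMPLE_SHOW)
    print("\n".join(to_rules_file(parsed)))
    for num in open_allow_rules(parsed):
        print(f"# rule {num:05d} passes everything in both directions")
```
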