Date: 08 Jan 2004 17:54:08 -0500
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: freebsd-questions@freebsd.org
Subject: Re: Trying to understand ipfirewall/divert/nat
Message-ID: <4465fmuk4v.fsf@be-well.ilk.org>
In-Reply-To: <200401070432.XAA14594728@shell.TheWorld.com>
References: <200401070432.XAA14594728@shell.TheWorld.com>
Kenneth W Cochran <kwc@TheWorld.com> writes:

> Would like to do similar things, e.g. allow/deny <insert
> port/service/protocol here> & get all that to play nicely
> with divert/natd. For example, with divert, it appears that
> we should have a ruleset for "before" the divert & another
> "mirror-image" ruleset for "after" divert. Where might I
> find some nice explanations of the logic/strategy with this?

Look carefully; it's not a mirror image. The "before" set is denying the addresses as destinations, while the "after" set is denying them as source addresses.

> I guess what confuses me is /etc/rc.firewall does things one
> way & the firewall(7) manpage another.

Firewall configurations differ. It's possible to struggle through without understanding what you're doing, but it's hard, and you're a lot more likely to make mistakes.

> Where are some, umm, good sources of information about
> ipfirewall (ipfw)? Seems all the books talk about are
> Linux's ipchains & iptables & *bsd's ipf.

The *good* books don't do much with any specific implementation. [I'm thinking of Cheswick/Bellovin, as well as the Zwicky book.] They cover the theory; if you have that, the syntax is pretty easy with any of them.

--
Lowell Gilbert, embedded/networking software engineer, Boston area:
	resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
	username/password "public"
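An added example, not part of the original message or of FreeBSD's rc.firewall: a small ipfw ruleset in the style of /etc/rc.firewall's NAT profile that makes the asymmetry described above concrete. It assumes an outside interface named fxp0 (hypothetical) and, by default, only echoes the ipfw commands as a dry run.

```shell
#!/bin/sh
# Example ruleset around 'divert natd' (constructed for illustration).
# OIF is the assumed outside interface; FWCMD="echo ipfw" prints the rules
# instead of loading them. Set FWCMD=ipfw (as root) to apply them for real.
OIF="${OIF:-fxp0}"
FWCMD="${FWCMD:-echo ipfw}"
# RFC 1918 networks: must never appear on the outside interface.
PRIVATE="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

nat_ruleset() {
    # BEFORE divert: addresses are still untranslated. An inbound packet on
    # the outside interface addressed *to* a private network is bogus, and an
    # outbound one is a leak, so deny on DESTINATION. Outbound LAN packets
    # still carry private SOURCES here; denying on source would break NAT.
    for net in $PRIVATE; do
        $FWCMD add deny all from any to "$net" via "$OIF"
    done

    # natd rewrites the source of outbound and the destination of inbound
    # packets, then re-injects them after this rule.
    $FWCMD add divert natd all from any to any via "$OIF"

    # AFTER divert: inbound replies now legitimately have private
    # destinations, so denying on destination is no longer possible. What
    # must not appear is a private SOURCE on the outside interface: that is
    # an outbound packet natd did not translate (spoofed, or natd not
    # running), so deny on SOURCE.
    for net in $PRIVATE; do
        $FWCMD add deny all from "$net" to any via "$OIF"
    done
}

nat_ruleset
```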