Date: Wed, 4 Sep 2002 14:30:53 +0100 From: Daniel Bye <dan@slightlystrange.org> To: questions@FreeBSD.ORG Subject: Re: Macros in ipfw rules Message-ID: <20020904133053.GA91519@catflap.home.slightlystrange.org> In-Reply-To: <443cspq4ll.fsf@be-well.ilk.org> References: <20020903142632.GA71601@catflap.home.slightlystrange.org> <443cspq4ll.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 04, 2002 at 09:14:30AM -0400, Lowell Gilbert wrote: > Daniel Bye <dan@slightlystrange.org> writes: > > > I have managed to get our departmental intranet site migrated from Win2K > > to FreeBSD 4.6.2 (yay me - I did good ;-), and am now having trouble with > > ipfw. I want to use a macro to prevent large groups of networks and > > hosts from connecting, but I've drawn a blank with the syntax. > > You might want to consider doing it the other way around; create rules > for what traffic you want to let in, and then drop everything else. Yeah, agreed. However, I wanted to prevent googlebot.com et al from cataloguing the site, while allowing pretty much unrestricted access to everyone else. (This comes down to company politics, over which I have very little control). I have put a few "Deny from" clauses in httpd.conf, which is serving the purpose adequately for the time being. Ultimately, users will need username and password to log in, which I guess will stop everyone else anyways. (This IS happening tomorrow...) > > can use m4 or cpp, for example, but I cannot fathom the syntax necessary > > to establish the macros. > > A simple scripting language is a much easier way to do this. Hah! Of course. Always too keen to over-egg the pudding, as it were. > > Anyone have any pointers to some docs online I can look at, or example > > rules I can rip off? Or even a "reread the man pages, you twit, there's > > examples aplenty" would be OK ;-) > > The canonical set of examples is /etc/rc.firewall. I suspect that in > this case you will also find /usr/share/examples/ipfw to be useful, > and there's a large section in the FreeBSD handbook that you should > examine closely. I checked the handbook, but evidently not that closely... I will now go and look at /usr/share/examples/ipfw (I always forget that's there...). And of course, rc.firewall. I never think of these as a source of documentation. My bad. Thanks all for taking the time to respond - your words are appreciated. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020904133053.GA91519>