Hi there,

On Thu, Feb 26, 2004 at 01:13:08PM -0500, Shaun T. Erickson wrote:
> Thanks for the resources.
>
> A couple of questions (because I'm new to FreeBSD):
>
> The ipfw man page in 5.2.1-RELEASE says that ipfw in CURRENT is ipfw2
> and that ipfw in STABLE is ipfw1. I still don't understand the
> relationship between RELEASE and the other two, so I am not sure which
> ipfw I have in 5.2.1-RELEASE.

If you are using ipfw on 5.2.1 you have ipfw2.

Brief summary:

-STABLE is at the moment based on FreeBSD 4.
-CURRENT is based on FreeBSD 5.
A -RELEASE is a snapshot of the state of the code at a particular point in time.
5.2.1-RELEASE is based on FreeBSD 5.

Perhaps this page can help explain:
http://www.freebsd.org/releng/index.html

There's also more detail on the various tags at:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html

To get ipfw2 on 4.9 you need to recompile with the ipfw2 option in the kernel config - the ipfw man page has a section on this aspect.

On a version note, while I personally have not experienced any problems running 5.2.1, it is a bit more bleeding edge than 4.9, for example. 4.9 is recommended if you want maximum stability for the moment.

> I have read the following 5 excellent articles on ipfw, by Dru Lavigne.
> Even though they were written in 2001, and thus pre-date ipfw2, I found
> them to be a great crash course in ipfw, and the ipfw manpage in
> 5.2.1-RELEASE just adds to it.
>
> In Dru's first article, she(?) discusses how the kernel must be modified
> to support a firewall. She looks into /usr/src/sys/i386/conf/LINT to
> find the relevant information that needs to be added to my kernel conf
> file. I cannot find a LINT file on my 5.2.1-RELEASE system. Where can I
> find complete information on what I need to do to my kernel?

4.9 and older used LINT to list all options for kernel config; 5 and onwards use a file called NOTES. There's one of these under /usr/src/sys/conf (for machine independent bits) and another under /usr/src/sys/i386/conf for i386 related (also other arch have their own).

Refer to the following pages for more info:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/kernelconfig.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html

/etc/rc.firewall is the best place to start for some sample rules and the ipfw man page is really quite good.

With 5.2.1 you should not need to recompile a kernel to use ipfw or any of the other supported firewalls (ipfilter and pf). Which firewall you choose to go with is your choice.

If you intend to use ipfw divert rule and natd you will probably need to compile a new kernel with the divert option added to the kernel config, i.e.:

    options IPDIVERT

If you have firewall_enable="YES" in your /etc/rc.conf the kld should be loaded at boot time and the config will be pulled in from /etc/rc.firewall, so you can start with firewall_type="SIMPLE" or whatever to get you going.

Basically start with the man pages; they cover just about everything.

There is also the faq:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/networking.html

For natd specifically:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

There is a lot of good information on the FreeBSD website so start there. For ipfw specifically you can also search or browse the freebsd-ipfw mailing list. For other firewalls you can find specific lists or try freebsd-net for some questions.

In general search the archives first to see if your question isn't already answered.
http://www.freebsd.org/search/search.html#mailinglists

Hope it helps,
Tony