Re: ipfw2 and preproc

[Chuck Swiger]

[EMAIL PROTECTED] wrote:
I have read the man page for ipfw and searched the web looking for examples
of using ipfw2 and the preprocessor option.
Does anybody have any examples?
Try somthing like the following in /etc/rc.conf:
#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'
...and create /etc/MY_firewall containing:

# set these to your inside interface network and netmask and ip
#define IIF sis0
#define INET 192.168.1.0/24
#define IIP 192.168.1.2
# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535
# dynamic rules
add check-state
add allow tcp from any HIPORTS to INET 22,80,143,443,3128 setup keep-state
add allow ip from INET to any keep-state
add 65000 deny log ip from any to any
--
-Chuck
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

ipfw2 and preproc

[[EMAIL PROTECTED]]

I have read the man page for ipfw and searched the web looking for examples of 
using ipfw2 and the preprocessor option.

Does anybody have any examples?

Could I use the preproc option to create a deep packet inspection program?

Please help!

Thank you.
-- 
Thomas J. Raef
e-Based Security, Inc.
[EMAIL PROTECTED]

"You're either hardened - or you're hacked!"
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"