questions about static ipfw rules

2003-01-22 Thread Stephen D. Kingrea
Running 4.7 with firewall, natd enabled kernel. I wish to create firewall
rules outside of the rc.firewall script that remain static across
reboots. To that end, I created a set (rc.firewall.rules), pointing
rc.conf to that set:

firewall_enable=YES
firewall_type=/etc/rc.firewall.rules
natd_enable=YES ...etc.

/etc/rc.firewall.rules lines are in the format:

add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
...etc.

Is this right? When I boot to these conditions, and ipfw show, I get
the set that appears when I set firewall_type=OPEN.

Is this the proper format for rules in a static file?

Regards to all!

stephen d. kingrea


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Re: questions about static ipfw rules

2003-01-22 Thread Norbert Koch
Stephen D. Kingrea [EMAIL PROTECTED] writes:

 firewall_enable=YES
 firewall_type=/etc/rc.firewall.rules

This should be one of client, etc.; see rc(8) for more information.

norbert.




Re: questions about static ipfw rules

2003-01-22 Thread Daniel Bye
On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
 Running 4.7 with firewall, natd enabled kernel. I wish to create firewall
 rules outside of the rc.firewall script that remain static across
 reboots. To that end, I created a set (rc.firewall.rules), pointing
 rc.conf to that set:
 
 firewall_enable=YES
 firewall_type=/etc/rc.firewall.rules

You should change firewall_type to firewall_script.  You should then
find all works as you want.

 natd_enable=YES ...etc.
 
 /etc/rc.firewall.rules lines are in the format:
 
 add 00100 allow ip from any to any via lo0
 add 00200 deny ip from any to 127.0.0.0/8
 ...etc.
 
 Is this right? When I boot to these conditions, and ipfw show, I get
 the set that appears when I set firewall_type=OPEN.
 
 Is this the proper format for rules in a static file?
 
 Regards to all!
 
 stephen d. kingrea
 

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \




Re: questions about static ipfw rules

2003-01-22 Thread Daniel Bye
On Wed, Jan 22, 2003 at 03:18:33PM +, Daniel Bye wrote:
 On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
  Running 4.7 with firewall, natd enabled kernel. I wish to create firewall
  rules outside of the rc.firewall script that remain static across
  reboots. To that end, I created a set (rc.firewall.rules), pointing
  rc.conf to that set:
  
  firewall_enable=YES
  firewall_type=/etc/rc.firewall.rules
 
 You should change firewall_type to firewall_script.  You should then
 find all works as you want.

Well, almost...  If you do it this way, you need to make sure the script
file is executable and makes sense as a shell script.  I use something
like 

#!/bin/sh
IPFW=/sbin/ipfw
${IPFW} -f flush
${IPFW} add 100 allow ip from any to any via lo0
... etc.

It works well for me.

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \

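A fuller version of the firewall_script approach Dan describes, added here as an example; it is not code from anyone in the thread. It assumes an outside interface of fxp0 and an inside network of 192.168.1.0/24 (both invented for the example; change them to match the box) and that natd listens on its default divert port, the one named "natd" in /etc/services. Two details matter for a file named in firewall_script: in 4.x, rc.network sources it with "." rather than executing it, so nothing in the file may call exit at top level or set -e (either would abort the rest of rc), and its variable names are prefixed with fw_ so they cannot clobber rc's own. (4.x's rc.firewall also accepts a filename in firewall_type and hands it straight to ipfw; in that form the file holds bare rules with no shell and no ipfw prefix, which is the other way to get a static set.) The script checks its own ruleset before flushing anything, so a typo such as "all" where "allow" was meant is rejected instead of leaving the kernel's default rule 65535 as the only rule after a flush.

```sh
#!/bin/sh
# Added example of a static ipfw ruleset for FreeBSD 4.x, named in
# /etc/rc.conf as firewall_script="/etc/rc.firewall.rules".  Not code
# from the thread.  rc.network sources this file with ".", so it never
# calls exit at top level, does not use set -e, and prefixes its names
# with fw_ to stay out of rc's way.
#
# Assumptions (invented for the example; change them): outside interface
# fxp0, inside network 192.168.1.0/24, natd on its default divert port.

fw_IPFW=/sbin/ipfw
fw_OIF=fxp0
fw_LAN=192.168.1.0/24
fw_DRY_RUN=${DRY_RUN:-no}      # DRY_RUN=yes prints the commands instead of loading them

# The ruleset, one "add" per line, in the order ipfw evaluates it.
fw_ruleset() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 divert natd ip from any to any via ${fw_OIF}
add 500 check-state
add 600 allow tcp from any to any established
add 700 allow tcp from ${fw_LAN} to any setup keep-state
add 800 allow udp from ${fw_LAN} to any keep-state
add 900 allow icmp from any to any icmptypes 0,3,8,11
add 65000 deny log ip from any to any
EOF
}

# Number of rules the file will load.
fw_count_rules() {
    fw_ruleset | wc -l | tr -d ' '
}

# Reject the ruleset before it reaches ipfw: every line must read
# "add <number> <action> ...", numbers must strictly increase (so the
# file reads in evaluation order), stay below the kernel's default rule
# 65535, and name an action ipfw knows.  Returns non-zero on the first
# problem; the exit inside the group only leaves the pipeline's subshell.
fw_validate_ruleset() {
    fw_ruleset | {
        fw_prev=0
        while read -r fw_kw fw_num fw_action fw_rest; do
            [ "${fw_kw}" = add ] || { echo "ipfw rules: bad keyword '${fw_kw}'" >&2; exit 1; }
            case ${fw_num} in
            ''|*[!0-9]*) echo "ipfw rules: bad rule number '${fw_num}'" >&2; exit 1 ;;
            esac
            [ "${fw_num}" -gt "${fw_prev}" ] || { echo "ipfw rules: rule ${fw_num} out of order" >&2; exit 1; }
            [ "${fw_num}" -lt 65535 ] || { echo "ipfw rules: rule ${fw_num} collides with the default rule" >&2; exit 1; }
            case ${fw_action} in
            allow|accept|pass|permit|deny|drop|divert|tee|check-state|count|skipto|reset|unreach|fwd|forward) ;;
            *) echo "ipfw rules: unknown action '${fw_action}'" >&2; exit 1 ;;
            esac
            fw_prev=${fw_num}
        done
    }
}

# The exact commands that will run: flush first, then every rule.
fw_commands() {
    echo "${fw_IPFW} -q -f flush"
    fw_ruleset | sed "s|^|${fw_IPFW} -q |"
}

# Validate, then load; print instead when dry-running or when ipfw is
# not installed on the machine reviewing the file.  Nothing is flushed
# until the ruleset has passed validation, so a broken file leaves the
# previous rules (or, at boot, the kernel's default deny) in place.
fw_load_rules() {
    fw_validate_ruleset || { echo "ipfw rules: ruleset rejected, nothing loaded" >&2; return 1; }
    if [ "${fw_DRY_RUN}" = yes ] || [ ! -x "${fw_IPFW}" ]; then
        fw_commands
        return 0
    fi
    ${fw_IPFW} -q -f flush
    fw_ruleset | while read -r fw_rule; do
        # word splitting of the rule text is intended here
        ${fw_IPFW} -q ${fw_rule}
    done
}

fw_load_rules
```

With firewall_enable="YES", firewall_script="/etc/rc.firewall.rules", natd_enable="YES" and natd_interface="fxp0" in rc.conf, the set above is what rc loads at every boot; running DRY_RUN=yes sh /etc/rc.firewall.rules on any machine prints the eleven ipfw invocations so they can be reviewed before a reboot, and ipfw show after boot should list these ten rules (leading zeros such as 00100 are accepted and shown as 100) followed by the kernel's rule 65535.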



Re: questions about static ipfw rules

2003-01-22 Thread Stephen D. Kingrea
On Wed, 22 Jan 2003, Daniel Bye wrote:

 On Wed, Jan 22, 2003 at 03:18:33PM +, Daniel Bye wrote:
  On Wed, Jan 22, 2003 at 09:45:09AM -0500, Stephen D. Kingrea wrote:
   Running 4.7 with firewall, natd enabled kernel. I wish to create firewall
   rules outside of the rc.firewall script that remain static across
   reboots. To that end, I created a set (rc.firewall.rules), pointing
   rc.conf to that set:
   
   firewall_enable=YES
   firewall_type=/etc/rc.firewall.rules
  
  You should change firewall_type to firewall_script.  You should then
  find all works as you want.
 
 Well, almost...  If you do it this way, you need to make sure the script
 file is executable and makes sense as a shell script.  I use something
 like 
 
 #!/bin/sh
 IPFW=/sbin/ipfw
 ${IPFW} -f flush
 ${IPFW} add 100 allow ip from any to any via lo0
 ... etc.
 
 It works well for me.
 
 Dan

Yes, that worked quite well. Thank you for that nugget!

I should say that joebs' suggestions concerning ipfilter are worthy of
investigation. I really just needed this to be able to ftp files from
inside my LAN without having to retype rules at every boot.

Thanks!

stephen


