ipfw rules for low-end server??
Chuck Swiger
cswiger at mac.com
Wed May 21 18:14:46 PDT 2003
Andras Kende wrote:
> Have PIII-450, 386Mb FreeBSD 4.8 machine as natd gateway (2 NIC) for around
> 100 computers.
>
> To minimize load on the machine which would be the best options??
It's very likely that your machine won't exhibit significant CPU load,
at least if you have decent NICs.
> Should I use ipfw "dynamic" or "stateful" rules?
Given that you are doing NAT, you might try using dynamic rules
(keep-state/check-state), but how you configure your firewall rules
should be based more on what's simple, easy to understand, and does the job.
> Also should set to kernel with: option IPFIREWALL_VERBOSE for debugging
> purposes if needed but disable logging firewall_logging=NO at rc.conf ?
Define something like this to limit the amount of FW logging, but do
leave logging enabled:
options IPFIREWALL_VERBOSE_LIMIT=100
> I want to allow everything to go out, only 22tcp,80tcp 53udp and 25tcp
> (port_forwarding) to in...
See /etc/rc.firewall.
--
-Chuck
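
One way to write the policy asked about in this thread with keep-state/check-state around natd, as an added example that is not part of the original message or of /etc/rc.firewall. The interface names fxp0 and fxp1 and the rule numbers are constructed, and it assumes ipfw2 behaviour, where a packet that matches a dynamic rule takes the parent rule's skipto action.

```sh
#!/bin/sh
# Added example, not from the thread. Constructed names: fxp0 (outside NIC),
# fxp1 (inside NIC). Assumes ipfw2 semantics and natd on the "natd" divert port.
# By default the rules are only printed; run with IPFW="ipfw -q" to load them.
IPFW="${IPFW:-echo ipfw}"

gateway_rules() {
    oif="$1"; iif="$2"        # outside / inside interface
    nat="skipto 800"          # every stateful match jumps to the NAT stage

    $IPFW -f flush
    $IPFW add 10 allow ip from any to any via lo0
    $IPFW add 20 allow ip from any to any via "$iif"

    # Inbound: natd rewrites to the private address first, then state lookup
    $IPFW add 100 divert natd ip from any to any in via "$oif"
    $IPFW add 110 check-state

    # Everything may go out; state is recorded before translation
    $IPFW add 200 $nat tcp from any to any out via "$oif" setup keep-state
    $IPFW add 210 $nat udp from any to any out via "$oif" keep-state
    $IPFW add 220 $nat icmp from any to any out via "$oif" keep-state

    # Only these services may come in (25/tcp reaches its host via natd redirect_port)
    $IPFW add 300 $nat tcp from any to any 22,25,80 in via "$oif" setup keep-state
    $IPFW add 310 $nat udp from any to any 53 in via "$oif" keep-state

    # Anything else is dropped; log volume is capped by IPFIREWALL_VERBOSE_LIMIT
    $IPFW add 700 deny log ip from any to any

    # NAT stage: translate outbound packets, then accept
    $IPFW add 800 divert natd ip from any to any out via "$oif"
    $IPFW add 810 allow ip from any to any
}

gateway_rules fxp0 fxp1
```

Using skipto rather than allow on the stateful rules matters here: replies from a port-forwarded internal host match the dynamic rule on their way out and still pass through the divert at rule 800, so they leave with the translated source address.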