ipfw rules for modern FreeBSD?
方坤
quinefang at gmail.com
Fri Dec 29 09:21:36 UTC 2017
Dear ipfw maintainer,
I read the following from
https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end
> The rule body has the following format:
>
> [*proto* *from* *src* *to* *dst*] [*options*]
>
> The first part (proto from src to dst) is for backward compatibility with
> earlier versions of FreeBSD. In modern FreeBSD any match pattern
> (including MAC headers, IP protocols, addresses and ports) can be specified
> in the *options* section.
>
And my firewall_script is as follows:
#!/bin/sh
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
${fwcmd} add allow proto tcp src-ip me setup keep-state :default
${fwcmd} add allow proto udp src-ip me keep-state :default
And I found that these rules are not protecting my FreeBSD box.
Question: How can I write ipfw rules for modern FreeBSD only?