iptables
Steve Schofield
steve at bgeek.com
Sun Aug 31 12:22:16 PDT 2003
I use ipfilter as a loadable module in the /etc/rc.conf. It's loaded on
boot. For better perf, it's good to compile it into the KERNEL, but heck, it
works so I'm happy with the way it is. Do a Google search on IPFILTER or
IPFW (IPFW is built in I think) to get more info.
//Put this in your /etc/rc.conf
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.conf"
ipfilter_flags="-Ds"
ipmon_enable="YES"
ipmon_flags="-Dn /var/log/firewall_logs"
Create a file called ipf.conf in the /etc/ directory.
Here are some sample rules I use.
To refresh a rule w/o rebooting, type in ipf -Fa -f /etc/ipf.conf
pass in quick on xl0 proto tcp from any to any port = 25 keep state
pass in quick on xl0 proto tcp from any to any port = 110 keep state
pass in quick on xl0 proto tcp from any to any port = 143 keep state
pass out quick proto tcp all keep state
block in log quick on xl0 proto tcp from any to any
----- Original Message -----
From: "Taulant Galimuna" <taulant at ipko.net>
To: <freebsd-newbies at freebsd.org>
Sent: Sunday, August 31, 2003 2:31 PM
Subject: iptables
> Hi!
> I just wanted to know if there's any "firewall" like iptables and ipchains
> (linux) on FreeBSD ??
>
> regards,
> Taulant
>
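Added example (not part of the message above and not FreeBSD or IPFilter project code): a small Python evaluator for the five sample rules, showing which new connections they pass or block and which fall through to the default policy. It handles only the rule forms in the post, does not model state tracking, and treats the default policy as a parameter; `parse` and `decide` are names chosen here.

```python
import re

# The five sample rules from the post, verbatim.
RULES = """\
pass in quick on xl0 proto tcp from any to any port = 25 keep state
pass in quick on xl0 proto tcp from any to any port = 110 keep state
pass in quick on xl0 proto tcp from any to any port = 143 keep state
pass out quick proto tcp all keep state
block in log quick on xl0 proto tcp from any to any
"""

# Only the rule shapes used in the post are handled; all of them are "quick",
# so the first matching rule decides. State tracking is not modelled.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)(?:\s+log)?\s+quick"
    r"(?:\s+on\s+(?P<ifname>\S+))?\s+proto\s+(?P<proto>\S+)\s+"
    r"(?:all|from any to any(?:\s+port\s*=\s*(?P<port>\d+))?)"
    r"(?:\s+keep state)?$"
)

def parse(text):
    """Turn rule text into a list of dicts; reject anything unrecognised."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rules.append(m.groupdict())
    return rules

def decide(rules, direction, ifname, proto, dport, default="pass"):
    """First-packet verdict: (action, rule number); None = default policy."""
    # Assumption: default is "pass" unless the kernel has IPFILTER_DEFAULT_BLOCK.
    for number, r in enumerate(rules, 1):
        if r["dir"] != direction or r["proto"] != proto:
            continue
        if r["ifname"] not in (None, ifname) or r["port"] not in (None, str(dport)):
            continue
        return r["action"], number
    return default, None

if __name__ == "__main__":
    rules = parse(RULES)
    for pkt in [("in", "xl0", "tcp", 22), ("in", "xl0", "udp", 53)]:  # constructed packets
        print(pkt, "->", decide(rules, *pkt))
```

Inbound UDP on xl0 matches none of the five rules, so whether it is passed depends entirely on the default policy.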