firewall dynamic IP

Lowell Gilbert freebsd-questions-local at be-well.no-ip.com
Sun Apr 27 06:58:27 PDT 2003


Antoine Jacoutot <ajacoutot at lphp.org> writes:

> In my progress of still learning firewall with ipfw, I have a question.
> Can I convert the following rule:
> 
> ${fwcmd} add pass tcp from any to ${oip} 25 setup
> 
> into one of those (which one would be the best, I guess the second one,
> right?):
> 
> ${fwcmd} add pass tcp from any to any via tun0 25 setup
> ${fwcmd} add pass tcp from any to me in via tun0 setup

Personally, I don't use the "me" rules very much because they're
slower, and I have other rules that should be blocking packets that
aren't addressed to me.  It's probably not a bad idea, though -- a
little extra protection.

I think the syntax you want is to put the port number right after the
address, though.  Furthermore, I'd recommend using names instead of
numbers for TCP ports, because it makes the setup more readable.

    ${fwcmd} add pass tcp from any to me telnet in via tun0 setup

> I ask this question because I do not have a fixed @ip on the outside interface 
> so I cannot use the ${oip} (outside @ip) variable.

Right.  

> By the way, is there a difference between:
> ${fwcmd} add pass... and ${fwcmd} add allow... ?

No difference.

Quoting the manual page:

     allow | accept | pass | permit
             Allow packets that match rule.  The search terminates.
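As an added example (not part of the original exchange, and not Lowell's or Antoine's ruleset), here is a small rc.firewall-style fragment that puts the points above together: "me" instead of a ${oip} variable on a dynamic-address interface, the port name placed right after the address, and service names rather than numbers. The outside interface name tun0 and the set of offered services (smtp, ssh) are assumptions. By default FWCMD is "echo ipfw", which only prints the rules so the script runs on any system; set FWCMD=ipfw on the FreeBSD host to actually load them. Rule order matters because, as the manual page says, a matching pass terminates the search: the "established" rule must come before the per-service setup rules, and the final deny must come last.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: outside interface is tun0 with a dynamic address;
# services offered to the outside are smtp and ssh.
# FWCMD defaults to "echo ipfw" (dry run); use FWCMD=ipfw on the real host.

fwcmd="${FWCMD:-echo ipfw}"
oif="${OIF:-tun0}"   # assumed outside interface name

# Allow new inbound TCP connections to one named service on any of this
# host's own addresses ("me"), arriving on the outside interface.
# "setup" matches only the initial SYN; the rest of the session is
# handled by the "established" rule in ruleset().
allow_in_tcp() {
    svc="$1"
    ${fwcmd} add pass tcp from any to me "${svc}" in via "${oif}" setup
}

ruleset() {
    # Loopback is always allowed, and nothing on the wire may claim 127/8.
    ${fwcmd} add pass all from any to any via lo0
    ${fwcmd} add deny all from any to 127.0.0.0/8
    ${fwcmd} add deny all from 127.0.0.0/8 to any

    # Packets of TCP sessions that already passed the setup check
    # (ipfw "established" matches segments with ACK or RST set).
    ${fwcmd} add pass tcp from any to any established

    # Everything leaving through the outside interface is allowed.
    ${fwcmd} add pass all from any to any out via "${oif}"

    # Services offered to the outside, by name rather than port number.
    for svc in smtp ssh; do
        allow_in_tcp "$svc"
    done

    # Any other inbound connection attempt on the outside interface is
    # refused and logged; this must stay the last TCP rule.
    ${fwcmd} add deny log tcp from any to any in via "${oif}" setup
}

ruleset
```

Run it as-is to review the generated rules, then compare with "ipfw list" after loading them for real. Note that "me" matches every address configured on the host, so the smtp rule also accepts mail arriving on an inside interface unless "in via tun0" is kept, which is why the interface qualifier is not optional here.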

