IPFILTER rules with shell symbloic substitution
mike at pcmedx.com
Wed Nov 26 10:40:50 PST 2003
> /etc/rc.firewall has lots of examples using ipfw; the concepts should
> work just as well with ipf.
I'm not sure that's true. /etc/rc.firewall is a shell script, an IP Filter
ruleset isn't. From the documentation and my own use of it, IP Filter
doesn't support variable substitution. If you're running 5.x, you can run
the pf port, which does support variables and some other neat expansion
capabilities that can really condense and simplify your ruleset.
More information about the freebsd-questions