Firewall rules

Philip Payne philip.payne at uk.mci.com
Thu Oct 23 02:53:52 PDT 2003


Hi,

I've found fwbuilder (/usr/ports/fwbuilder) to be very useful. Nice GUI for
writing your firewall policy. Some simple "Druids" :-/ for generating
generic rulesets. Formerly, I've always configured the firewall from the
command line but this certainly helps in managing your policy.

I admit, I'm an IPFW person myself but fwbuilder theoretically supports
ipfilter on FreeBSD as well (I haven't used it).

One quirk, when using fwbuilder with IPFW, the divert to natd isn't
supported so I'm installing the rules with a little script that inserts the
natd rule appropriately.

---
#!/bin/sh
<ruleset name>.fw    # Installs the rules generated by fwbuilder
ipfw delete 1       # delete the check-state rule at 00001
# add new divert rule at 1
ipfw add 1 divert natd ip from any to any via <external interface>
ipfw add 2 check-state    # re-add the check-state at 2
---

Phil.


> -----Original Message-----
> From: Petre Bandac [mailto:petre at kgb.ro]
> Sent: 23 October 2003 09:13
> To: fbsd_user at a1poweruser.com; Mihail; freebsd-questions at freebsd.org
> Subject: Re: Firewall rules
> 
> 
> www.kgb.ro/Ipfw-HOWTO
> 
> HTH,
> 
> petre
> 
> On Wednesday 22 October 2003 18:05 Anno Domini, fbsd_user 
> wrote using one of 
> his keyboards:
> > The FBSD handbook gives the idea that IPFW is the only firewall.
> > FBSD also comes with ipfilter which is much easier to use and
> > setup. Google the questions archives for loads of info about
> > configuring ipfilter. You will be glad you did.
> >
> > -----Original Message-----
> > From: owner-freebsd-questions at freebsd.org
> > [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Mihail
> > Sent: Wednesday, October 22, 2003 9:29 AM
> > To: freebsd-questions at freebsd.org
> > Subject: Firewall rules
> >
> > Hello,
> >
> > I'm trying to set up a firewall with ipfw by using the client
> > firewall type given in rc.firewall as an example. My problem
> > is that the client rules don't allow me to do common
> > web-browsing. What should I add to the script to
> > resolve this without seriously compromising security?
> >
> > cheers,
> > Mihail
> >
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe at freebsd.org"
> 
> -- 
> Login: petre          			Name: Petre Bandac
> Directory: /home/petre              	Shell: /usr/local/bin/zsh
> On since Sat Oct 18 00:13 (EEST) on ttyv0, idle 5 days 1:47 
> (messages off)
> On since Thu Oct 16 16:27 (EEST) on ttyv1, idle 5 days 10:35 
> (messages off)
> Last login Mon Oct 20 21:52 (EEST) on ttyp6 from lubyanka.kgb.ro
> No Mail.
> No Plan.
> 
> 
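
The wrapper script in Phil's message relies on the divert rule ending up ahead of check-state. The following is an added example, not part of the original thread, that checks this ordering in `ipfw list`-style output. The function name, the sample listings, the interface name fxp0 and the exact listing format are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ipfw list`-style lines on stdin, prints a one-word verdict and
# returns 0 only if a divert rule is numbered below the first check-state.
check_divert_order() {
    awk '
        # $1 is the rule number, $2 the action keyword.
        $2 == "divert"      && !have_d { d = $1 + 0; have_d = 1 }
        $2 ~ /^check-state/ && !have_s { s = $1 + 0; have_s = 1 }
        END {
            if (!have_d) { print "no-divert";      exit 2 }
            if (!have_s) { print "no-check-state"; exit 3 }
            if (d < s)   { print "ok";             exit 0 }
            print "divert-after-check-state";      exit 1
        }'
}

# Constructed sample: the state after the wrapper script has run.
SAMPLE_FIXED='00001 divert 8668 ip from any to any via fxp0
00002 check-state
00100 allow tcp from me to any 80 setup keep-state
65535 deny ip from any to any'

# Constructed sample: generated rules only, check-state at 1, no divert.
SAMPLE_UNFIXED='00001 check-state
00100 allow tcp from me to any 80 setup keep-state
65535 deny ip from any to any'

# Constructed sample: a divert rule exists but sits after check-state.
SAMPLE_LATE='00001 check-state
00050 divert 8668 ip from any to any via fxp0
65535 deny ip from any to any'

# Print the verdict for each constructed sample.
for sample in "$SAMPLE_FIXED" "$SAMPLE_UNFIXED" "$SAMPLE_LATE"; do
    printf '%s\n' "$sample" | check_divert_order || true
done
# On a live host (assumed usage): ipfw list | check_divert_order
```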

