IPFW Configuration
Philip Payne
philip.payne at uk.mci.com
Thu Aug 5 03:49:52 PDT 2004
Hi Jonathan,
> will be able to work. My box is located at a datacenter and my box is
> allocated with about 90 IP addresses (and also the main server IP which
> was given to me when I first purchased the line). I would like to know
> how to configure /etc/rc.firewall to support my MAIN IP and also how to
> make sure the other IPs added to my box are recognized and protected by
> the firewall.
>
> Also I noticed in rc.firewall there are different modes to put the
> firewall in like simple mode, client mode, etc. (different firewall
> powers I guess). It would be greatly appreciated if someone can show me
> how to configure ipfw. I could not thank anyone more for the future help
> I might receive on this issue.

Simple & client mode are just different rulesets within rc.firewall. You can
of course specify your very own ruleset and point rc.conf at a different
file than rc.firewall.

Two things which may help.

1) There is a keyword "me" that you can use in IPFW rules that prevents you
needing to specify the server's actual IPs.

2) fwbuilder.org is a very handy tool for generating firewall config. If the
"me" keyword is too generic, you may find it easier to have a GUI that can
hold different objects for each IP address... rather than write
repetitive firewall script lines. Also, if you're new to firewall policy
sometimes a GUI can help.

If you want advice on generating a firewall policy, well... there are some
high-level design rules you can follow that help. I've posted on this topic
a number of times to the list so just search the archives.

Lastly, and not meant in any rude way, if you haven't > man ipfw ... I
personally found it very useful.

Hope that helps
Phil.
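
Added example, not part of the message above: a small ruleset script of the kind rc.conf can point at instead of rc.firewall, using "me" so that none of the box's IP addresses has to be listed. The file path, the firewall_script line shown in the comment, and the open ports (22 and 80) are assumptions.

```sh
#!/bin/sh
# Custom ipfw ruleset script (added example, not from the original post).
# Assumed rc.conf settings to use it instead of /etc/rc.firewall:
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"    # path is an assumption
#
# Dry run by default: the rules are printed, not loaded, so they can be
# reviewed before touching a remote box. To load them on the FreeBSD host,
# run with fwcmd="/sbin/ipfw -q".
fwcmd="${fwcmd:-echo ipfw}"
tcp_in="${tcp_in:-22 80}"      # assumed inbound TCP services

load_rules() {
    ${fwcmd} -f flush
    # Loopback traffic is allowed; loopback addresses on the wire are not.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    # Packets belonging to an existing keep-state flow match here.
    ${fwcmd} add 400 check-state
    # "me" matches every address configured on the box (main IP and all
    # aliases), so one rule per service covers all of them.
    for port in ${tcp_in}; do
        ${fwcmd} add allow tcp from any to me "${port}" setup keep-state
    done
    # Outbound traffic from any local address, tracked statefully.
    ${fwcmd} add allow tcp from me to any setup keep-state
    ${fwcmd} add allow udp from me to any keep-state
    # ICMP: echo reply/request, unreachable, time exceeded.
    ${fwcmd} add allow icmp from any to me icmptypes 0,3,8,11
    ${fwcmd} add allow icmp from me to any
    # Everything else is dropped and logged.
    ${fwcmd} add 65000 deny log ip from any to any
}

load_rules
```
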

More information about the freebsd-questions mailing list