IPFW Configuration

Philip Payne philip.payne at uk.mci.com
Thu Aug 5 03:49:52 PDT 2004


Hi Jonathan,

> will be able to work. My box is located at a datacenter and my box is
> allocated with about 90 IP addresses (and also the main server IP which
> was given to me when I first purchased the line). I would like to know
> how to configure /etc/rc.firewall to support my MAIN IP and also how to
> make sure the other IPs added to my box are recognized and protected by
> the firewall.
>
> Also I noticed in rc.firewall there are different modes to put the
> firewall in like simple mode, client mode, etc. (different firewall
> powers I guess). It would be greatly appreciated if someone can show me
> how to configure ipfw. I could not thank anyone more for the future help
> I might receive on this issue.

Simple & client mode are just different rulesets within rc.firewall. You can
of course specify your very own ruleset and point rc.conf at a different
file than rc.firewall.

Two things which may help.

1) There is a keyword "me" that you can use in IPFW rules that prevents you
needing to specify the server's actual IPs.
2) fwbuilder.org is a very handy tool for generating firewall config. If the
"me" keyword is too generic, you may find it easier to have a GUI that can
hold different objects for each IP address, rather than write
repetitive firewall script lines. Also, if you're new to firewall policy,
sometimes a GUI can help.

If you want advice on generating a firewall policy, well... there are some
high level design rules you can follow that help. I've posted on this topic
a number of times to the list so just search the archives.

Lastly, and not meant in any rude way, if you haven't > man ipfw ... I
personally found it very useful.

Hope that helps

Phil.
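
The two points in the reply above (a custom ruleset file, and the "me" keyword in place of listing about 90 addresses), as an added example that is not part of the original post or of the stock rc.firewall. The function name `emit_ruleset`, the rule numbers, the default ports 22 and 80 and the path /etc/ipfw.rules are assumptions.

```shell
#!/bin/sh
# Added example: print an ipfw rule file that uses "me" rather than naming
# each address on the host. Save the output (assumed path /etc/ipfw.rules)
# and set firewall_enable="YES" and firewall_type="/etc/ipfw.rules" in rc.conf.

emit_ruleset() {
    # Assumed default services when no ports are given: SSH and HTTP.
    [ $# -gt 0 ] || set -- 22 80

    # Validate every port before printing anything, so a typo can never
    # leave a half-written rule file behind.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    # Loopback traffic is allowed; spoofed loopback addresses are dropped.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"

    # Stateful core: replies to permitted flows match the dynamic rules.
    echo "add 1000 check-state"
    # "me" is evaluated per packet against every address configured on the
    # host, so aliases added later are covered without editing the rules.
    echo "add 1100 allow tcp from me to any setup keep-state"
    echo "add 1200 allow udp from me to any keep-state"
    echo "add 1300 allow icmp from any to me icmptypes 0,3,8,11"

    # One inbound rule per published TCP service, for all local addresses.
    num=2000
    for port in "$@"; do
        echo "add $num allow tcp from any to me $port setup keep-state"
        num=$((num + 10))
    done

    # Explicit logged default deny ahead of the built-in rule 65535.
    echo "add 65000 deny log ip from any to any"
}

emit_ruleset "$@"
```

Review the generated file before loading it on a remote machine, and keep the SSH port in the list so the session used to apply it stays reachable.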

