ipfw2 and preproc

Chuck Swiger cswiger at mac.com
Thu Dec 16 10:45:44 PST 2004


traef06 at ebasedsecurity.com wrote:
> I have read the man page for ipfw and searched the web looking for examples
> of using ipfw2 and the preprocessor option.
> 
> Does anybody have any examples?

Try something like the following in /etc/rc.conf:

#firewall_type='/etc/MY_firewall'
#firewall_flags='-p /usr/bin/cpp'

...and create /etc/MY_firewall containing:

####
# set these to your inside interface network and netmask and ip

#define IIF sis0
#define INET 192.168.1.0/24
#define IIP 192.168.1.2

# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535

# dynamic rules
add check-state
add allow tcp from any HIPORTS to INET 22,80,143,443,3128 setup keep-state
add allow ip from INET to any keep-state
add 65000 deny log ip from any to any

-- 
-Chuck


