IPFW Rules and Games

deeptech71 at gmail.com deeptech71 at gmail.com
Sun Nov 4 12:04:11 PST 2007

Jack Barnett wrote:
> deeptech71 at gmail.com wrote:
>> So basically the ruleset should be simple:
>> ipfw -f flush
>> # allow lo0 stuff
>> # block some spoofs/attacks
>> # if you are hosting gameservers from or whatever,
>> # you should (manually) open server ports, in other words, add
>> # routes to to specific server ports
>> ipfw add divert natd all from any to any via $outside_interface
>> allow all from any to any
>> # block some more spoofs/attacks :)
>> # define services (like you did with http)
> Sorry, this didn't work.

just without any security concerns, try this script:

ipfw -f flush
ipfw add divert natd via xl0
ipfw add allow all from any to any

But please tell me, what kind of internet connection do you have? You 
said you have a Dynamic IP. Are you using connecting to the Internet via 
ppp? If so, replace xl0 up there with tun0 (or whatever tunnel ppp created).

Here's my stuff:

::: /etc/natd.conf :::
dynamic           yes
same_ports        yes
deny_incoming     yes
unregistered_only yes
redirect address

::: part of /etc/rc.conf :::

# [...]

ifconfig_rl0="inet netmask"
ifconfig_ed0="up" # <-- this is the external one
                   # plus there is a tun0 for PPPoE

firewall_script="/etc/ipfw.rules" # something like the above script


natd_flags="-f /etc/natd.conf"


# [...]

More information about the freebsd-questions mailing list