IPFW at startup.
Chuck Swiger
cswiger at mac.com
Mon Nov 15 19:03:38 UTC 2010
Hi--
On Nov 15, 2010, at 10:52 AM, Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config file. If you check the default rc.firewall file, you will see several types of default firewall settings, such as "open" and "closed". You want to set "firewall_type" in rc.conf to be "open" or whatever your firewall type is in /etc/rc.firewall.
If you set both of these in /etc/rc.conf:
firewall_type="/etc/FW1.ipfw"
firewall_flags="-p cpp"
...then /etc/FW1_firewall will be processed by cpp (ie, so you can use #include directives, C-style macros, etc) before going to IPFW.
This is probably more obscure than useful for human-editted rulesets :-), but for automated processing and accumulating lists of bad hosts via denyhosts or similar, it can be useful....
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list