IPFW at startup.

Chuck Swiger cswiger at mac.com
Mon Nov 15 19:03:38 UTC 2010


On Nov 15, 2010, at 10:52 AM, Dave Robison wrote:
> I haven't seen someone use "firewall_type" as a path to the config file. If you check the default rc.firewall file, you will see several types of default firewall settings, such as "open" and "closed". You want to set "firewall_type" in rc.conf to be "open" or whatever your firewall type is in /etc/rc.firewall.

If you set both of these in /etc/rc.conf:

firewall_flags="-p cpp"

...then /etc/FW1_firewall will be processed by cpp (ie, so you can use #include directives, C-style macros, etc) before going to IPFW.

This is probably more obscure than useful for human-editted rulesets :-), but for automated processing and accumulating lists of bad hosts via denyhosts or similar, it can be useful....


More information about the freebsd-questions mailing list