9.2-RC1 rc.firewall workstation type and myservices

CeDeROM cederom at tlen.pl
Mon Aug 12 13:38:53 UTC 2013


Hello :-)

I have just set up a service on 9.2-RC1. I want this service to be
available on the WAN, but I still want to have a stateful firewall
running. I am using the workstation firewall type and have put the
service port in firewall_myservices. However, by default only TCP
connections are accepted, but I still need to serve UDP connections.
Wouldn't it be more convenient to change "TCP" into "IP" for the default
firewall_myservices and maybe add TCP and UDP for
firewall_myservices_{tcp,udp}? Below is the script part.

Best regards,
Tomek

        # Add permits for this workstations published services below
        # Only IPs and nets in firewall_allowservices is allowed in.
        # If you really wish to let anyone use services on your
        # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf
        #
        # Note: We don't use keep-state as that would allow DoS of
        #       our statetable.
        #       You can add 'keep-state' to the lines for slightly
        #       better performance if you feel that DoS of your
        #       workstation won't be a problem.
        #
        for i in ${firewall_allowservices} ; do
          for j in ${firewall_myservices} ; do
            ${fwcmd} add pass tcp from $i to me $j
          done
        done


-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
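
The per-protocol split suggested in the message, sketched as an added example (not part of the original post and not FreeBSD's rc.firewall). firewall_myservices_tcp and firewall_myservices_udp are hypothetical variables named after the suggestion, the sample values are constructed, and fwcmd is set to echo so the rules are printed rather than installed.

```shell
#!/bin/sh
# Added example: per-protocol service lists for the workstation ruleset.
# firewall_myservices_tcp / firewall_myservices_udp are hypothetical knobs
# taken from the suggestion in the message above.

# Print the rules instead of installing them, so this runs on any system.
fwcmd="${fwcmd:-echo ipfw}"

# Accept only a numeric port or a numeric range (e.g. 53 or 6000-6010).
# Service names are rejected in this sketch to keep the check simple.
valid_port() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    return 0
}

# Emit one stateless "pass" rule per (allowed source, protocol, port).
# firewall_myservices keeps its existing TCP-only meaning.
emit_service_rules() {
    for src in ${firewall_allowservices}; do
        for proto in tcp udp; do
            case "$proto" in
                tcp) ports="${firewall_myservices} ${firewall_myservices_tcp}" ;;
                udp) ports="${firewall_myservices_udp}" ;;
            esac
            for port in ${ports}; do
                if valid_port "$port"; then
                    ${fwcmd} add pass "$proto" from "$src" to me "$port"
                else
                    echo "skipping invalid port '$port' for $proto" >&2
                fi
            done
        done
    done
}

# Constructed sample configuration (documentation address range).
firewall_allowservices="192.0.2.0/24"
firewall_myservices="22"
firewall_myservices_tcp="8080"
firewall_myservices_udp="5060 bad;port"
emit_service_rules
```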


More information about the freebsd-questions mailing list