9.2-RC1 rc.firewall workstation type and myservices
CeDeROM
cederom at tlen.pl
Mon Aug 12 13:38:53 UTC 2013
Hello :-)

I have just set up a service on 9.2-RC1. I want this service to be
available on the WAN, but I still want to have a stateful firewall running. I
am using the workstation firewall type and put the service port in
firewall_myservices. However, by default only TCP connections are
accepted, but I still need to serve UDP connections. Wouldn't it be more
convenient to change "TCP" into "IP" for the default firewall_myservices
and maybe add TCP and UDP for firewall_myservices_{tcp,udp}? Below is
the script part.

Best regards,
Tomek

	# Add permits for this workstation's published services below
	# Only IPs and nets in firewall_allowservices are allowed in.
	# If you really wish to let anyone use services on your
	# workstation, then set "firewall_allowservices='any'" in /etc/rc.conf
	#
	# Note: We don't use keep-state as that would allow DoS of
	#       our statetable.
	#       You can add 'keep-state' to the lines for slightly
	#       better performance if you feel that DoS of your
	#       workstation won't be a problem.
	#
	for i in ${firewall_allowservices} ; do
	  for j in ${firewall_myservices} ; do
	    ${fwcmd} add pass tcp from $i to me $j
	  done
	done

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
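
The per-protocol split proposed in the message above, sketched as an added example (not part of the original post and not code from FreeBSD's rc.firewall). The firewall_myservices_tcp and firewall_myservices_udp variables, the valid_port and emit_service_rules helpers and the sample addresses are assumptions; fwcmd defaults to echo here so the rules are printed rather than installed.

```shell
#!/bin/sh
# Added example: dry-run generator for per-protocol published-service rules.
# firewall_myservices_tcp/_udp are the hypothetical names proposed in the post.

# Dry run by default: print the ipfw commands instead of executing them.
fwcmd="${fwcmd:-echo ipfw -q}"

# Accept one port (1-65535) or a low-high range; reject anything else so a
# typo in rc.conf cannot become an unintended rule.
valid_port() {
	case "$1" in
	''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
	esac
	lo=${1%-*}; hi=${1#*-}
	[ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Emit one stateless pass rule per (source, protocol, port), mirroring the
# nested loops of the quoted fragment. Returns 1 if any entry was skipped.
emit_service_rules() {
	rc=0
	for src in ${firewall_allowservices}; do
		for proto in tcp udp; do
			# proto comes from the fixed list above, so eval is safe here.
			eval "ports=\${firewall_myservices_${proto}}"
			for port in ${ports}; do
				if valid_port "$port"; then
					${fwcmd} add pass "$proto" from "$src" to me "$port"
				else
					echo "skipping invalid ${proto} port: ${port}" >&2
					rc=1
				fi
			done
		done
	done
	return $rc
}

# Constructed sample settings, as they might appear in /etc/rc.conf.
firewall_allowservices="192.0.2.0/24"
firewall_myservices_tcp="22"
firewall_myservices_udp="5060"
emit_service_rules
```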