Full Discussion: BSD Firewall
Post 12704 by eNTer on Sunday 6th of January 2002 09:04:54 AM
Re: BSD Firewall

If the BSD you are using is FreeBSD, then it is pretty simple to do that:
- edit your /etc/rc.conf and enable the firewall script at boot time: insert a line like this firewall_enable="YES", and specify a type of firewall from the ones FreeBSD already includes: firewall_type="Open"|"Client"|"Simple"|"Unknown" or define your own type.
- take a look at /etc/rc.firewall and edit this file to suit your needs. This file contains a sample firewall configuration and I recommend it.

If you want to do something more: to have a network behind this firewall, it would be a good idea to set the firewall type to "Simple" and change the options for network address, external interface IP address etc. And if you have only one IP address and want to make possible "masquerading" you must add two more lines to /etc/rc.conf: natd_enable="YES" and natd_interface="your_external_interface_name(i.e. xl0)". To have this option working [nat] you must configure your kernel to support IPDIVERT.

For any other information regarding firewalls you may contact me.

Quote:
Originally posted by deadletter
I am setting up a BSD firewall for the first time. I have recompiled the kernel and all that, but am having trouble building a good ruleset. I have read the manpages but am still having trouble creating what I need. It is either nothing is going through or everything is. Does anybody know of a decent tutorial on creating rulesets with ipfw?
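
The rc.conf settings from the post above can be checked for consistency before a reboot; this is an added example, not part of eNTer's post or of FreeBSD. The function names (rc_get, is_yes, check_rc_conf) and the sample file are made up for illustration, and the remarks about what "Open" and "Unknown" do come from the comments in FreeBSD's stock /etc/rc.firewall rather than from the post.

```sh
#!/bin/sh
# Added example: lint an rc.conf-style file for the firewall and natd
# settings the post names. It only reads the file and changes nothing.

# rc_get FILE VAR: value of the last uncommented VAR= assignment, quotes stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: the spellings rc.subr's checkyesno treats as true.
is_yes() {
    case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

# check_rc_conf FILE: print findings; exit status is the number of problems.
check_rc_conf() {
    n=0
    fw=$(rc_get "$1" firewall_enable); ftype=$(rc_get "$1" firewall_type)
    nat=$(rc_get "$1" natd_enable);    nif=$(rc_get "$1" natd_interface)

    if ! is_yes "$fw"; then
        echo "FAIL: firewall_enable is not YES, rc.firewall is not run at boot"; n=$((n + 1))
    fi
    case $ftype in
        [Oo][Pp][Ee][Nn])
            echo "WARN: firewall_type=$ftype passes all traffic"; n=$((n + 1)) ;;
        ""|[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
            echo "WARN: firewall_type unset or Unknown, rc.firewall loads no rules"; n=$((n + 1)) ;;
        [Cc][Ll][Ii][Ee][Nn][Tt]|[Ss][Ii][Mm][Pp][Ll][Ee]) ;;
        *)  echo "INFO: firewall_type=$ftype is treated as a user-defined type" ;;
    esac
    if is_yes "$nat"; then
        if [ -z "$nif" ]; then
            echo "FAIL: natd_enable=YES but natd_interface is not set"; n=$((n + 1))
        fi
        if ! is_yes "$fw"; then
            echo "FAIL: natd_enable=YES but the firewall is not enabled"; n=$((n + 1))
        fi
        echo "NOTE: natd also needs a kernel with IPDIVERT (not visible in rc.conf)"
    fi
    return "$n"
}

# Constructed sample: NAT is requested but the interface line is missing.
sample=$(mktemp)
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="Simple"' 'natd_enable="YES"' > "$sample"
check_rc_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real system the argument would be /etc/rc.conf; a zero exit status means none of the checks fired.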
 

ARNO-IPTABLES-FIREWALL(8)                                    ARNO-IPTABLES-FIREWALL(8)

NAME
       arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.

SYNOPSIS
       /etc/init.d/arno-iptables-firewall [start|stop|status|force-reload|restart]

DESCRIPTION
       arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. While it is extremely easy to use one can nevertheless use it in quite complicated environments. All available options are explained in the extensively documented configuration file.

       The external interface of the system needs to be set up properly in the firewalls configuration file (EXT_IF). The default behavior of the firewall is to deny all incoming connections.

       For additional requirements not covered by the configuration file custom iptables rules can be placed in /etc/arno-iptables-firewall/custom-rules. This file is automatically parsed by the service script.

       See the README file (eg. in /usr/(local/)share/doc/arno-iptables-firewall) for an example how to manage logging of firewall events through syslogd. The arno-fwfilter script can be used to make the firewall logs more readable for humans (see manpage).

       Several plugins for the firewall script are available online. Plugins can be downloaded from http://rocky.eld.leidenuniv.nl/ Please see the README file for more information.

FILES
       /etc/init.d/arno-iptables-firewall
              system service script
       /etc/arno-iptables-firewall/firewall.conf
              firewall configuration
       /etc/arno-iptables-firewall/conf.d/
              firewall configuration directory
       /etc/arno-iptables-firewall/custom-rules
              custom iptables rules
       /etc/arno-iptables-firewall/blocked-hosts
              host blacklist
       /etc/arno-iptables-firewall/mac-addresses
              mac filter list

       Please note, that the last two files do exist in the initial configuration and their use is disabled in /etc/arno-iptables-firewall/firewall.conf

SEE ALSO
       iptables(8), arno-fwfilter(1), syslog.conf(5)

       The http://rocky.eld.leidenuniv.nl/ web site.

AUTHOR
       arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>.

       This manual page was written by Michael Hanke <michael.hanke@gmail.com>, for the Debian project (but may be used by others).

Michael Hanke                        March 14, 2012                        ARNO-IPTABLES-FIREWALL(8)