If the BSD you are using is FreeBSD, then it is pretty simple to do that:
- edit your /etc/rc.conf and enable the firewall script at boot time: insert a line like this firewall_enable="YES", and specify a type of firewall from the ones FreeBSD already includes: firewall_type="Open"|"Client"|"Simple"|"Unknown" or define your own type.
- take a look at /etc/rc.firewall and edit this file to suit your needs. This file contains a sample firewall configuration and I recommend it.
If you want to do something more, such as having a network behind this firewall, it would be a good idea to set the firewall type to "Simple" and change the options for network address, external interface IP address etc. And if you have only one IP address and want to make "masquerading" possible, you must add two more lines to /etc/rc.conf:
natd_enable="YES" and
natd_interface="your_external_interface_name(i.e. xl0)". To have this option [nat] working you must configure your kernel to support IPDIVERT.
For any other information regarding firewalls you may contact me.
Quote:
Originally posted by deadletter
I am setting up a BSD firewall for the first time. I have recompiled the kernel and all that, but am having trouble building a good ruleset. I have read the manpages but am still having trouble creating what I need. It is either nothing is going through or everything is. Does anybody know of a decent tutorial on creating rulesets with ipfw?
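
An added example, not part of either post: a small generator for a stateful ipfw ruleset that sits between "nothing goes through" and "everything goes through", as one way to "define your own type". It assumes a single host without NAT, that the output is saved to a file (the hypothetical path /etc/ipfw.rules) and that firewall_type in /etc/rc.conf is set to that path; the function name and the sample port 22 are also assumptions.

```shell
#!/bin/sh
# Added example: print an ipfw rules file for a single host (no NAT).
# Each output line is one ipfw command without the leading "ipfw",
# which is the format ipfw accepts when it is given a file name.

# emit RULE...  -> print one numbered rule and advance the counter
emit() {
    echo "add $n $*"
    n=$((n + 100))
}

# gen_ruleset PORT...  -> ruleset on stdout; PORTs are inbound TCP ports
gen_ruleset() {
    n=100

    # Loopback traffic is allowed; loopback addresses are refused
    # on every other interface.
    emit allow ip from any to any via lo0
    emit deny ip from any to 127.0.0.0/8
    emit deny ip from 127.0.0.0/8 to any

    # Packets belonging to a connection already recorded by a
    # keep-state rule are accepted here, before any other test.
    emit check-state

    # Outbound: whatever this host starts creates a state entry, so
    # the replies match check-state instead of needing wide "allow" rules.
    emit allow tcp from me to any setup keep-state
    emit allow udp from me to any keep-state
    emit allow icmp from me to any keep-state

    # Inbound: only the TCP ports named on the command line.
    for port in "$@"; do
        emit allow tcp from any to me "$port" setup keep-state
    done

    # Everything else is dropped and logged (explicit default deny).
    echo "add 65000 deny log ip from any to any"
}

# Sample run: allow inbound SSH only (22 is a constructed sample value).
gen_ruleset 22
```

Before loading the file at boot, `ipfw -n /etc/ipfw.rules` checks its syntax without changing the running ruleset.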