On Fri, Dec 29, 2017 at 05:21:34PM +0800, 方坤 wrote:
> Dear ipfw maintainer,
>
> I read the following from
> https://www.freebsd.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=freebsd-release-ports#end
> ....
> And, my firewall_script is as follows:
>
> #!/bin/sh
> fwcmd="/sbin/ipfw -q"
> ${fwcmd} -f flush
> ${fwcmd} add allow proto tcp src-ip me setup keep-state :default
> ${fwcmd} add allow proto udp src-ip me keep-state :default
>
> And, I found these rules are not protecting my FreeBSD box.
>
> Question: How can I write ipfw rules for modern FreeBSD only?
> .....

First, you need to determine what "protecting my FreeBSD box" means for
your situation. Please note that whatever you determine at first, the
result is likely to evolve over time.

You will almost certainly benefit from a study of /etc/rc.firewall --
possibly to help you understand what kinds of "protection" ipfw can
provide (and how to implement them) -- but also to help you clarify your
own "protection" requirements.

Peace,
david
--
David H. Wolfskill                              da...@catwhisker.org
If Trump is "taking names" re: the UN Jerusalem vote, he can add mine.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.