Hi,

I've found fwbuilder (/usr/ports/fwbuilder) to be very useful. Nice GUI for
writing your firewall policy. Some simple "Druids" :-/ for generating
generic rulesets. Formerly, I've always configured the firewall from the command
line, but this certainly helps in managing your policy.

I admit, I'm an IPFW person myself but fwbuilder theoretically supports
ipfilter on FreeBSD as well (I haven't used it).

One quirk: when using fwbuilder with IPFW, the divert to natd isn't
supported, so I'm installing the rules with a little script that inserts the
natd rule appropriately.

---
#!/bin/sh
<ruleset name>.fw    # Installs the rules generated by fwbuilder
ipfw delete 1       # delete the check-state rule at 00001
ipfw add 1 divert natd ip from any to any via <external interface> # add new divert rule at 1
ipfw add 2 check-state    # re-add check-state at rule 2
---

Phil.
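
A check for the result of the wrapper script above, as an added example that is not part of Phil's message: it reads `ipfw list` output and confirms that a divert to natd on the external interface is numbered ahead of check-state. The interface name fxp0, the sample rulesets and the return codes are assumptions made for the example.

```sh
#!/bin/sh
# Added example: verify the rule order the wrapper script is meant to produce.
# Reads `ipfw list` output on stdin; $1 is the external interface.
# Return codes (this example's own convention):
#   0 divert is numbered ahead of check-state
#   1 no divert-to-natd rule on that interface
#   2 check-state is numbered ahead of the divert
#   3 no check-state rule at all
check_nat_order() {
    awk -v ifc="$1" '
        # ipfw may print the divert port as a name or a number (natd = 8668)
        $2 == "divert" && ($3 == "natd" || $3 == "8668") && $NF == ifc {
            if (!divert) divert = $1 + 0
        }
        $2 == "check-state" { if (!state) state = $1 + 0 }
        END {
            if (!divert) exit 1
            if (!state)  exit 3
            exit ((state < divert) ? 2 : 0)
        }'
}

# Constructed sample: ruleset after the wrapper has run (fxp0 is hypothetical)
good_rules='00001 divert 8668 ip from any to any via fxp0
00002 check-state
00100 allow tcp from me to any setup keep-state
65535 deny ip from any to any'

# Constructed sample: fwbuilder output installed without the wrapper
bad_rules='00001 check-state
00100 allow tcp from me to any setup keep-state
65535 deny ip from any to any'

# Constructed sample: divert added, but after check-state
late_rules='00001 check-state
00200 divert natd ip from any to any via fxp0
65535 deny ip from any to any'

for sample in "$good_rules" "$bad_rules" "$late_rules"; do
    rc=0
    printf '%s\n' "$sample" | check_nat_order fxp0 || rc=$?
    echo "check_nat_order returned $rc"
done
```

On a live host the same function would be fed with `ipfw list | check_nat_order <external interface>` after the wrapper has run.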


> -----Original Message-----
> From: Petre Bandac [mailto:[EMAIL PROTECTED]
> Sent: 23 October 2003 09:13
> To: [EMAIL PROTECTED]; Mihail; [EMAIL PROTECTED]
> Subject: Re: Firewall rules
> 
> 
> www.kgb.ro/Ipfw-HOWTO
> 
> HTH,
> 
> petre
> 
> On Wednesday 22 October 2003 18:05 Anno Domini, fbsd_user wrote using one of his keyboards:
> > The FBSD handbook gives the idea that IPFW is the only firewall.
> > FBSD also comes with ipfilter which is much easier to use and
> > set up. Google the questions archives for loads of info about
> > configuring ipfilter. You will be glad you did.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Mihail
> > Sent: Wednesday, October 22, 2003 9:29 AM
> > To: [EMAIL PROTECTED]
> > Subject: Firewall rules
> >
> > Hello,
> >
> > I'm trying to set up a firewall with ipfw by using the client
> > firewall type given in rc.firewall as an example. My problem
> > is that the client rules don't allow me to do common
> > web-browsing. What should I add to the script to
> > resolve this without seriously compromising security?
> >
> > cheers,
> > Mihail
> >
> >
> >
> > _______________________________________________
> > [EMAIL PROTECTED] mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "[EMAIL PROTECTED]"
> 
> -- 
> Login: petre                                  Name: Petre Bandac
> Directory: /home/petre                Shell: /usr/local/bin/zsh
> On since Sat Oct 18 00:13 (EEST) on ttyv0, idle 5 days 1:47 
> (messages off)
> On since Thu Oct 16 16:27 (EEST) on ttyv1, idle 5 days 10:35 
> (messages off)
> Last login Mon Oct 20 21:52 (EEST) on ttyp6 from lubyanka.kgb.ro
> No Mail.
> No Plan.