January 21, 2004

ipfw.HOWTO

I still haven't decided what firewall, if any, to use. Yeah, I know, I should have one, but I don't. I think there are pretty much 2 choices with FreeBSD - ipfw (explained in the FreeBSD docs) and ipfilter. Here's a good link to get you started if you go down the ipfw road:

ipfw-HOWTO

Posted by jdarnold at 07:51 AM
Comments

Both have their advantages, so why not use both at a time? For pure stateful packet-filtering I like ipfilter very much. For other issues like traffic shaping, ipfw and dummynet do a good job. I stick with both and don't have any problems using them in the way mentioned above. (ipfw policy is just "open" and doing the bandwidth stuff)

Posted by: wolfram on January 22, 2004 11:59 AM

Excellent idea! I suppose one could start with ipfilter to get the filtering down, and then add in ipfw for the bandwidth playing.

Posted by: Jonathan Arnold on January 22, 2004 12:05 PM

Hi, how can I limit IPFW and NATD to allow MASQUERADING only from certain IPs on the LAN, and not the default any to any???

I am running FreeBSD 5.2.1-release

Posted by: Jean on June 14, 2004 08:13 AM

If you are using IPFW you don't need to alter the NATD conf.

Just use this in whatever IPFW script you have:

ipfw add divert natd all from {inside IP range} to any via $oif

Or you can just add a divert rule for each IP you want to let go out.

You can find the syntax for IP ranges with

man ipfw

Posted by: Gianluca on June 25, 2004 04:12 AM
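The per-address divert approach from the comment above, as an added example that is not part of the original post or comments: a script that validates an allowlist of LAN sources and prints one divert rule per entry. The function names, the interface `fxp0` and the addresses are assumptions; the `out`/`in` direction keywords and the final inbound rule (which natd needs in order to translate replies back) go beyond the one-line rule in the comment.

```sh
#!/bin/sh
# Added example: prints (does not run) ipfw divert rules for a NAT allowlist.
# Interface name and addresses are constructed sample values.

# valid_ipv4 ADDR[/PREFIX]: exit 0 if a well-formed IPv4 address or CIDR block.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rules OIF ADDR...: one outbound divert rule per allowed source, then the
# inbound rule. Any invalid entry rejects the whole list, so no partial rule
# set is ever printed.
nat_rules() {
    oif=$1
    case $oif in ''|*[!A-Za-z0-9_.]*) return 1 ;; esac
    shift
    [ $# -gt 0 ] || return 1
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "rejected: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "ipfw add divert natd all from $src to any out via $oif"
    done
    echo "ipfw add divert natd all from any to any in via $oif"
}

nat_rules fxp0 192.168.1.10 192.168.1.32/28
```

Review the printed rules before loading them, and place them ahead of the allow rules that pass the translated traffic.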
