|
Lines 176-182
|
| 176 |
|
176 |
|
| 177 |
<para>We're nearly done now. All that remains now is to define the |
177 |
<para>We're nearly done now. All that remains now is to define the |
| 178 |
firewall rules and then we can reboot and the firewall should be up and |
178 |
firewall rules and then we can reboot and the firewall should be up and |
| 179 |
running. I realise that everyone will want something slightly different |
179 |
running. I realize that everyone will want something slightly different |
| 180 |
when it comes to their rulebase. What I've tried to do is write a |
180 |
when it comes to their rulebase. What I've tried to do is write a |
| 181 |
rulebase that suits most dialup users. You can obviously modify it to |
181 |
rulebase that suits most dialup users. You can obviously modify it to |
| 182 |
your needs by simply using the following rules as the foundation for |
182 |
your needs by simply using the following rules as the foundation for |
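Review bot: The spelling change on line 179 ("realise" to "realize") is not carried through the rest of the file: old line 270 (new 271) in a later hunk still reads "easy to customise". Pick one spelling convention for the document and apply it in the same patch. While this paragraph is being touched, the repeated "now" on line 177 ("We're nearly done now. All that remains now is") could also be tightened.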
|
Lines 187-195
|
| 187 |
rules for your allows, and then everything else is denied. :)</para> |
187 |
rules for your allows, and then everything else is denied. :)</para> |
| 188 |
|
188 |
|
| 189 |
<para>Now, let's make the dir /etc/firewall. Change into the directory and |
189 |
<para>Now, let's make the dir /etc/firewall. Change into the directory and |
| 190 |
edit the file fwrules as we specified in rc.conf. Please note that you |
190 |
edit the file <filename>fwrules</filename> as we specified in |
| 191 |
can change this filename to be anything you wish. This guide just gives |
191 |
<filename>rc.conf</filename>. Please note that you can change this |
| 192 |
an example of a filename. </para> |
192 |
filename to be anything you wish. This guide just gives an example of a |
|
|
193 |
filename. </para> |
| 193 |
|
194 |
|
| 194 |
<para>Now, let's look at a sample firewall file, and we'll detail |
195 |
<para>Now, let's look at a sample firewall file, and we'll detail |
| 195 |
everything in it. </para> |
196 |
everything in it. </para> |
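Review bot: Line 189 still leaves /etc/firewall as bare text while the same paragraph now wraps fwrules and rc.conf in <filename>; mark the directory up too, for example <filename>/etc/firewall</filename>, so all three paths render consistently. The rewrapped paragraph also keeps the stray space before </para> on new line 193 ("filename. </para>"), which could be dropped in the same change.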
|
Lines 263-270
|
| 263 |
|
264 |
|
| 264 |
<answer> |
265 |
<answer> |
| 265 |
<para>I'll have to be honest and say there's no definitive reason |
266 |
<para>I'll have to be honest and say there's no definitive reason |
| 266 |
why I use ipfw and natd instead of the built in ppp filters. From |
267 |
why I use ipfw and natd instead of the built in ppp filters. From |
| 267 |
the discussions I've had with people the consensus seems to be |
268 |
the discussions I've had with people the consensus seems to be |
| 268 |
that while ipfw is certainly more powerful and more configurable |
269 |
that while ipfw is certainly more powerful and more configurable |
| 269 |
than the ppp filters, what it makes up for in functionality it |
270 |
than the ppp filters, what it makes up for in functionality it |
| 270 |
loses in being easy to customise. One of the reasons I use it is |
271 |
loses in being easy to customise. One of the reasons I use it is |
|
Lines 276-282
|
| 276 |
<qandaentry> |
277 |
<qandaentry> |
| 277 |
<question> |
278 |
<question> |
| 278 |
<para>If I'm using private addresses internally, such as in the |
279 |
<para>If I'm using private addresses internally, such as in the |
| 279 |
192.168.0.0 range, Could I add a command like <literal>$fwcmd add |
280 |
192.168.0.0 range, could I add a command like <literal>$fwcmd add |
| 280 |
deny all from any to 192.168.0.0:255.255.0.0 via tun0</literal> |
281 |
deny all from any to 192.168.0.0:255.255.0.0 via tun0</literal> |
| 281 |
to the firewall rules to prevent outside attempts to connect to |
282 |
to the firewall rules to prevent outside attempts to connect to |
| 282 |
internal machines?</para> |
283 |
internal machines?</para> |
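Review bot: The <literal> starting on old line 279 (new 280) still splits the example rule across three source lines, which makes it hard to read and to copy as a single command. Since this sentence is being edited anyway, consider keeping the rule on one line or moving it into a <programlisting>. The capitalization fix ("Could" to "could") on the same line is fine as it stands.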