FreeBSD Bugzilla – Attachment 39211 Details for Bug 61873: adding IPFW2 support to dial-up firewall for 4.x users
dialup-firewall.patch (text/plain; charset=us-ascii), 1.69 KB, created by Marc Silver on 2004-01-25 19:09:20 UTC
>--- article.sgml-orig Sun Jan 25 14:21:09 2004 >+++ article.sgml Sun Jan 25 14:34:36 2004 >@@ -79,7 +79,9 @@ > recompile their kernels with <emphasis>IPFW2</emphasis> > support. &os; 4.X users should consult the &man.ipfw.8; > manual page for more information on using IPFW2 on their >- systems.</para></note> >+ systems, and should pay particular attention to the >+ <emphasis>USING IPFW2 IN FreeBSD-STABLE</emphasis> >+ section.</para></note> > </listitem> > </varlistentry> > >@@ -183,14 +185,32 @@ > # defaults to tun0. > oif="tun0" > >+# Define our inside interface. This is usually your network >+# card. Be sure to change this to match your own network >+# interface. >+iif="fxp0" >+ > # Force a flushing of the current rules before we reload. > $fwcmd -f flush > >-# Allow all connections that we initiate, and keep their state, >-# but deny established connections that don't have a dynamic rule. >+# Check the state of all packets. > $fwcmd add check-state >+ >+# Stop spoofing on the outside interface. >+$fwcmd add deny ip from any to any in via $oif not verrevpath >+ >+# Allow all connections that we initiate, and keep their state. >+# but deny established connections that don't have a dynamic rule. > $fwcmd add allow ip from me to any out via $oif keep-state > $fwcmd add deny tcp from any to any established in via $oif >+ >+# Allow all connections within our network. >+$fwcmd add allow ip from any to any via $iif >+ >+# Allow all local traffic. >+$fwcmd add allow all from any to any via lo0 >+$fwcmd add deny all from any to 127.0.0.0/8 >+$fwcmd add deny ip from 127.0.0.0/8 to any > > # Allow internet users to connect to the port 22 and 80. > # This example specifically allows connections to the sshd and a
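Review bot: In the second hunk (@@ -183,14 +185,32 @@) the loopback rules are added after `allow ip from any to any via $iif`, so with ipfw's first-match evaluation a packet on $iif carrying a 127.0.0.0/8 source or destination is accepted by that rule and never reaches `deny all from any to 127.0.0.0/8` or `deny ip from 127.0.0.0/8 to any`. Consider moving the three lo0 and 127.0.0.0/8 rules up to directly after `$fwcmd -f flush`, ahead of `check-state`, so they cover every interface. Two smaller points in the same hunk: the comment `# Allow all connections that we initiate, and keep their state.` now ends in a full stop while the next line still continues the sentence with `# but deny established connections ...` (the original comma read correctly), and the added rules mix `all` and `ip` as the protocol keyword for the same meaning; using one spelling throughout would make the example easier to follow.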