On Wed, Mar 05, 2003 at 02:17:18AM +0800, Khairil Yusof wrote:
[...]
> and my simple firewall rules (I've deleted stuff which is not important
> and working like dns, ntp etc.):
> 
> #firewall command
> 
> fwcmd="/sbin/ipfw"
>     
> # Force a flushing of the current rules before we reload.
> $fwcmd -f flush
> 
> ##### RULES FOR INTERNAL NETWORK ######
> 
> # Setup localhost
> $fwcmd add allow ip from any to any via lo0
> 
> $fwcmd add allow any from any to any via fxp0
> 
> # Divert all packets through the tunnel interface.
> $fwcmd add divert natd all from any to any via tun0

You should have a look at /etc/rc.firewall and use it as the template for
your rules. In your case, the "divert natd" rule should be the first;
looking at /etc/rc.firewall and using the "open" rule:

    ${fwcmd} add 50 divert natd all from any to any via tun0
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
    ${fwcmd} add 65000 pass all from any to any

Alternatively you could change your /etc/rc.conf:

    firewall_type="open"

-- 
Jonathan Chen <[EMAIL PROTECTED]>
----------------------------------------------------------------------
                                          "Opportunity does not knock,
       it presents itself when you beat down the door" - W.E. Channing

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
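Added example, not from either message in the thread: a POSIX sh harness in which fwcmd is a stand-in function that records rules instead of calling /sbin/ipfw, and first_match replays ipfw's first-match walk over the "open" ordering from the reply and over a constructed mis-ordering that numbers the divert rule after the catch-all pass.

```shell
# Added example (not from the thread): fwcmd is a dry-run stand-in for
# /sbin/ipfw that only records rules; first_match mimics ipfw's first-match
# walk to show why "divert natd" must precede any rule that passes tun0 traffic.
RULES=""
fwcmd() {
    [ "$1" = "add" ] || return 0          # ignore "-f flush" and friends
    shift
    RULES="${RULES}$*
"
}
# The "open" ordering from /etc/rc.firewall quoted in the reply.
load_open_rules() {
    RULES=""
    fwcmd -f flush
    fwcmd add 50 divert natd all from any to any via tun0
    fwcmd add 100 pass all from any to any via lo0
    fwcmd add 200 deny all from any to 127.0.0.0/8
    fwcmd add 300 deny ip from 127.0.0.0/8 to any
    fwcmd add 65000 pass all from any to any
}
# Constructed mis-ordering: divert numbered after the catch-all pass, so
# tun0 packets are passed un-NATed and the divert rule is never reached.
load_misordered_rules() {
    RULES=""
    fwcmd -f flush
    fwcmd add 100 pass all from any to any via lo0
    fwcmd add 200 deny all from any to 127.0.0.0/8
    fwcmd add 300 deny ip from 127.0.0.0/8 to any
    fwcmd add 65000 pass all from any to any
    fwcmd add 65100 divert natd all from any to any via tun0
}
# rule_matches "REST" IFACE SRC DST: only the "via IFACE", "to 127.0.0.0/8"
# and "from 127.0.0.0/8" patterns used above are understood.
rule_matches() {
    rest=$1 iface=$2 src=$3 dst=$4
    case "$rest" in *" via "*) [ "${rest##* via }" = "$iface" ] || return 1 ;; esac
    case "$rest" in *" to 127.0.0.0/8"*) case "$dst" in 127.*) ;; *) return 1 ;; esac ;; esac
    case "$rest" in *" from 127.0.0.0/8"*) case "$src" in 127.*) ;; *) return 1 ;; esac ;; esac
    return 0
}
# first_match IFACE SRC DST: rules are walked in ascending number and the
# first match decides; prints "NUMBER ACTION" of the deciding rule.
first_match() {
    printf '%s' "$RULES" | sort -n | while read -r num action rest; do
        if rule_matches "$rest" "$1" "$2" "$3"; then
            echo "$num $action"; break
        fi
    done
}
```

With the open ordering a packet on tun0 is decided by rule 50 (divert); with the mis-ordering the same packet is decided by rule 65000 (pass) and natd never sees it.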
