From: "David Kelly" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 02, 2003 2:56 PM
Subject: Re: setting up ipfw

> On Wednesday 02 July 2003 11:00 am, W. D. wrote:
> >
> > Is there some guide to translate IPFW rules to English so that they
> > are understandable?
>
> They already are. Each arglist to ipfw(8) is a sentence. ipfw(8) is only
> an interpreter of those instructions which writes the instructions in a
> form ipfw(4) can understand. Or reads them back in a form you can
> understand.
>

And this is one of the things that swung my decision to ipfw ...
a] the easy syntax of the rules;
b] the most well-written tutorial I found while * ST[F]?W was based on ipfw.

Consider the following somewhat biased example. However, the answer to the "which is most like English" ?? seems clear to me...

ipfw:
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

ipf:
# block address spoofing on the external interface
block in quick on ed0 from 127.0.0.1/8 to any
block in quick on ed0 from 10.0.0.0/8 to any
block in quick on ed0 from 172.16.0.0/12 to any
block in quick on ed0 from 192.168.0.0/16 to any
block in quick on ed0 from 224.0.0.0/4 to any
block in quick on ed0 from 240.0.0.0/5 to any

iptables:
# Stop RFC1918 nets on the outside interface
${fwcmd} -A INPUT -j DROP -d 10.0.0.0/8 -i ${oif}
${fwcmd} -A FORWARD -j DROP -d 10.0.0.0/8 -i ${oif}
${fwcmd} -A INPUT -j DROP -d 172.16.0.0/12 -i ${oif}
${fwcmd} -A FORWARD -j DROP -d 172.16.0.0/12 -i ${oif}
${fwcmd} -A INPUT -j DROP -d 192.168.0.0/16 -i ${oif}
${fwcmd} -A FORWARD -j DROP -d 192.168.0.0/16 -i ${oif}

To the detractors -- yeah, similar, not at all the same, though.

If I confused anyone with "my.ip.ad.dres", I'm sorry; it's not like you couldn't do a dig, anyway, but I'm paranoid...

KDK

*Please pardon my regexp...
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
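
The three listings in the message above match on different fields and directions, which matters when porting a rule set from one firewall to another. The following is an added example, not part of the original post: it models each listing's match conditions in Python and runs constructed sample packets through them. Assumptions: every packet is evaluated on the outside interface, ed0 is that same interface as ${oif}, and the packet fields and sample addresses are made up for illustration.

```python
from ipaddress import ip_address, ip_network

def nets(*cidrs):
    return [ip_network(c) for c in cidrs]

RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Source prefixes that only the ipf listing adds (the page's 127.0.0.1/8 is
# written here as the network 127.0.0.0/8).
IPF_ONLY = nets("127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/5")

def hit(addr, prefixes):
    return any(ip_address(addr) in p for p in prefixes)

def ipfw_denies(p):
    # "deny all from any to NET via ${oif}": destination match, and "via"
    # covers packets crossing the interface in either direction.
    return hit(p["dst"], RFC1918)

def ipf_blocks(p):
    # "block in quick on ed0 from NET to any": source match, inbound only.
    return p["dir"] == "in" and hit(p["src"], RFC1918 + IPF_ONLY)

def iptables_drops(p):
    # "-A INPUT|FORWARD -j DROP -d NET -i ${oif}": destination match, only
    # for packets received on the interface (-i), so outbound is not covered.
    return p["dir"] == "in" and hit(p["dst"], RFC1918)

def verdicts(p):
    return {"ipfw": ipfw_denies(p), "ipf": ipf_blocks(p),
            "iptables": iptables_drops(p)}

# Constructed sample packets; public addresses come from documentation ranges.
SAMPLES = {
    "spoofed_src_in":   {"src": "10.1.2.3",     "dst": "203.0.113.10", "dir": "in"},
    "private_dst_in":   {"src": "198.51.100.7", "dst": "192.168.1.5",  "dir": "in"},
    "private_dst_out":  {"src": "203.0.113.10", "dst": "172.16.5.5",   "dir": "out"},
    "multicast_src_in": {"src": "224.0.0.9",    "dst": "203.0.113.10", "dir": "in"},
    "legit_in":         {"src": "198.51.100.7", "dst": "203.0.113.10", "dir": "in"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        v = verdicts(pkt)
        dropped_by = [fw for fw, d in v.items() if d] or ["none"]
        print(f"{name:17} dropped by: {', '.join(dropped_by)}")
```

Only the ipf listing stops an inbound packet with a spoofed private source; the ipfw and iptables listings filter on destination, and of those two only ipfw also catches traffic leaving through the outside interface.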