Kenneth W Cochran <[EMAIL PROTECTED]> writes:

> Would like to do similar things, e.g. allow/deny <insert
> port/service/protocol here> & get all that to play nicely
> with divert/natd.  For example, with divert, it appears that
> we should have a ruleset for "before" the divert & another
> "mirror-image" ruleset for "after" divert.  Where might I
> find some nice explanations of the logic/strategy with this?

Look carefully; it's not a mirror image.  The "before" set is denying
the addresses as destinations, while the "after" set is denying them
as source addresses.

> I guess what confuses me is /etc/rc.firewall does things one
> way & the firewall(7) manpage another.

Firewall configurations differ.  It's possible to struggle through
without understanding what you're doing, but it's hard, and you're a
lot more likely to make mistakes.

> Where are some, umm, good sources of information about
> ipfirewall (ipfw)?  Seems all the books talk about are
> Linux's ipchains & iptables & *bsd's ipf.

The *good* books don't do much with any specific implementation.  [I'm
thinking of Cheswick/Bellovin, as well as the Zwicky book.]  They
cover the theory; if you have that, the syntax is pretty easy with any
of them.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area: 
                resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
                username/password "public"
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
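The before/after divert asymmetry Lowell points out, as an added example that is not code from the thread or from /etc/rc.firewall. The outside interface name (fxp0) and the `fwcmd` dry-run wrapper are assumptions; set `fwcmd=/sbin/ipfw` to load the rules instead of printing them.

```shell
#!/bin/sh
# Added example: a minimal ipfw/natd fragment showing why the RFC1918
# checks before and after the divert rule are not mirror images.
oif="${oif:-fxp0}"          # assumed outside (natd) interface
fwcmd="${fwcmd:-echo ipfw}" # dry run: print the rules instead of loading them

rfc1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

bogon_rules() {
    # BEFORE divert: a packet leaving the LAN still carries its private
    # source address (natd has not rewritten it yet), so "deny from
    # private" here would drop all legitimate outbound traffic.  What is
    # safe to deny is a private *destination* on the outside interface:
    # nothing legitimate crosses the Internet link addressed to RFC1918 space.
    for net in $rfc1918; do
        ${fwcmd} add deny all from any to ${net} via ${oif}
    done

    # natd rewrites outbound source -> public, inbound destination -> LAN host.
    ${fwcmd} add divert natd all from any to any via ${oif}

    # AFTER divert: outbound packets now carry a public source, so any packet
    # still carrying a private *source* is bogus and can be denied.  Inbound
    # replies now carry a private destination (that is the point of NAT), so
    # the pre-divert destination check cannot simply be repeated here.
    for net in $rfc1918; do
        ${fwcmd} add deny all from ${net} to any via ${oif}
    done
}

bogon_rules
```

Run it as-is to see the seven rules in the order they would be loaded; the destination denies precede the divert and the source denies follow it.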