Kenneth W Cochran <[EMAIL PROTECTED]> writes:

> Would like to do similar things, e.g. allow/deny <insert
> port/service/protocol here> & get all that to play nicely
> with divert/natd. For example, with divert, it appears that
> we should have a ruleset for "before" the divert & another
> "mirror-image" ruleset for "after" divert. Where might I
> find some nice explanations of the logic/strategy with this?

Look carefully; it's not a mirror image. The "before" set is denying the
addresses as destinations, while the "after" set is denying them as source
addresses.

> I guess what confuses me is /etc/rc.firewall does things one
> way & the firewall(7) manpage another.

Firewall configurations differ. It's possible to struggle through without
understanding what you're doing, but it's hard, and you're a lot more likely
to make mistakes.

> Where are some, umm, good sources of information about
> ipfirewall (ipfw)? Seems all the books talk about are
> Linux's ipchains & iptables & *bsd's ipf.

The *good* books don't do much with any specific implementation. [I'm
thinking of Cheswick/Bellovin, as well as the Zwicky book.] They cover the
theory; if you have that, the syntax is pretty easy with any of them.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area:
	resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
		username/password "public"

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
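To make the asymmetry described in the reply concrete, here is an added example ruleset for an ipfw gateway running natd(8). It is not part of the thread and it is not FreeBSD's own /etc/rc.firewall; the interface names (fxp0 outside, xl0 inside), the inside network 192.168.1.0/24, the rule numbers, the list of reserved blocks and the helper names build_ruleset and check_order are all assumptions made for the illustration. With FWCMD unset the script only prints the ipfw commands; set FWCMD=/sbin/ipfw to load them.

```sh
#!/bin/sh
# Added example: ipfw ruleset for a natd(8) gateway, showing why the address
# checks before and after the divert rule are not mirror images.
# Assumed (hypothetical) names: fxp0 = outside interface, xl0 = inside
# interface, 192.168.1.0/24 = inside network. Not FreeBSD's rc.firewall.
#
# With FWCMD unset the rules are only printed; FWCMD=/sbin/ipfw loads them.
fwcmd=${FWCMD:-"echo ipfw"}

# Address blocks that must never be seen with a public-side address:
# RFC 1918 private space plus reserved, link-local, test, multicast and
# class E blocks (an assumed list for this example).
bogon_nets="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 0.0.0.0/8 \
169.254.0.0/16 192.0.2.0/24 224.0.0.0/4 240.0.0.0/4"

# build_ruleset OIF IIF INET -- emit the ruleset for outside interface OIF,
# inside interface IIF and inside network INET.
build_ruleset() {
    oif=$1; iif=$2; inet=$3

    ${fwcmd} -f flush
    ${fwcmd} add 100 allow ip from any to any via lo0
    # Anti-spoofing: our inside network never legitimately arrives on OIF.
    ${fwcmd} add 200 deny ip from ${inet} to any in via ${oif}

    # BEFORE divert: deny the bogon nets as DESTINATIONS. An inbound packet
    # still carries the gateway's public address here (natd has not rewritten
    # it yet), so this catches only packets really addressed to a bogon net.
    # Placed after the divert, the same rule would match inbound packets natd
    # had just rewritten to a 192.168.1.x host and drop all inbound traffic.
    for net in ${bogon_nets}; do
        ${fwcmd} add 300 deny ip from any to ${net} via ${oif}
    done

    # natd(8) rewrites the destination on the way in, the source on the way out.
    ${fwcmd} add 400 divert natd ip from any to any via ${oif}

    # AFTER divert: deny the bogon nets as SOURCES. An outbound LAN packet has
    # a 192.168.1.x source until natd rewrites it at rule 400; placed before
    # the divert, this block would drop every outbound packet from the LAN.
    for net in ${bogon_nets}; do
        ${fwcmd} add 500 deny ip from ${net} to any via ${oif}
    done

    # Stateless service rules in the style of rc.firewall's "simple" set:
    # replies return via `established`, new outbound connections via `setup`.
    ${fwcmd} add 600 allow tcp from any to any established
    ${fwcmd} add 610 allow tcp from any to any out via ${oif} setup
    ${fwcmd} add 620 allow udp from any to any 53 out via ${oif}
    ${fwcmd} add 630 allow udp from any 53 to any in via ${oif}
    ${fwcmd} add 640 allow ip from any to any via ${iif}
    ${fwcmd} add 65000 deny log ip from any to any
}

# check_order -- read an emitted ruleset on stdin and confirm the invariant:
# every "deny ip from any to <net> via" line precedes the divert rule and
# every "deny ip from <net> to any via" line follows it. Exit 0 if it holds.
check_order() {
    awk '
        /divert natd/                          { seen_divert = 1; next }
        /deny ip from any to [0-9][^ ]* via /  { if (seen_divert) bad++ }
        /deny ip from [0-9][^ ]* to any via /  { if (!seen_divert) bad++ }
        END { exit (seen_divert && !bad) ? 0 : 1 }
    '
}

# Usage: sh natd-rules.sh fxp0 xl0 192.168.1.0/24
# Prints the rules; with FWCMD=/sbin/ipfw in the environment it loads them,
# but only after the ordering invariant has been checked on a printed copy.
if [ $# -eq 3 ]; then
    ( fwcmd="echo ipfw"; build_ruleset "$1" "$2" "$3" ) | check_order ||
        { echo "rule ordering invariant violated; not loading" >&2; exit 1; }
    build_ruleset "$1" "$2" "$3"
fi
```

The point of the two loops is the one made in the reply: the divert rule is where natd changes the packet, so a destination check on the reserved blocks is only meaningful before it (inbound packets still carry the public destination there) and a source check only after it (outbound packets have already been given the public source). check_order encodes that ordering as a test so that a later edit to the ruleset which moves a loop to the wrong side of the divert is caught before the rules are loaded.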