On Sat, 31 Jan 2004 10:50:19 -0500
Chuck Swiger <[EMAIL PROTECTED]> wrote:

> Peder Blom wrote:
> [ ... ]
> > Add this to your rc.conf: (instead of firewall_type=...):
> > firewall_script="/etc/grog.firewall"
> > 
> > See /etc/defaults/rc.conf !
> 
> While I won't speak against looking at /etc/defaults/rc.conf, setting 
> firewall_type works fine; see the end of /etc/rc.firewall:
> 
> *)
>          if [ -r "${firewall_type}" ]; then
>                  ${fwcmd} ${firewall_flags} ${firewall_type}
>          fi
>          ;;
> 
> -- 
> -Chuck
> _______________________________________________

Yes, that's the other way of doing it. The mentioning of scripts and the
fact that his file was in the form of a script made me assume that he
wanted to write his own script for setting up his firewall. On second
thought I realize that he might just as well want to do it your way and
define a set of rules to be read in by rc.firewall. (This might even be
the best solution).

I've never done it this way, but in this case I assume that you just
define the rules in  '/etc/ERICS_firewall', thus:

--------------
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
--------------

Using your suggestions for rc.conf, of course.

Is this correct?


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to