I've never done it this way, but in this case I assume that you just define the rules in '/etc/ERICS_firewall', thus:
--------------
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 600 allow all from any to any
--------------
Using your suggestions for rc.conf, of course.
Is this correct?
Exactly. And then you add a preprocessor like cpp, and you can define:
####
# set these to your inside interface network and netmask and ip
#define IIF fxp0
#define INET 10.1.1.0/24
#define IIP 10.1.1.1
[ ...OIF info snipped... ]

# port number ranges
#define LOPORTS 1-1023
#define HIPORTS 1024-65535

# basic stuff
add 100 pass all from any to any via lo0
add deny all from any to 127.0.0.0/8
add deny ip from 127.0.0.0/8 to any
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF
...and go from there.
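An added example, not part of the original thread: cpp leaves a name it has no `#define` for untouched, so a rule such as `add deny all from INET to any in via OIF` reaches ipfw with the literal word `OIF` instead of an interface. The lint below flags such names before the file is loaded; the function names are hypothetical, the sample ruleset is constructed from the lines in the post, and it assumes macros are whole upper-case words as they are there.

```shell
#!/bin/sh
# Added example: list macros a cpp-style ipfw ruleset uses but never #defines.
# Assumption: macro names are whole words in upper case, as in the post.

undefined_macros() {
    awk '
        /^#define[ \t]/    { defined[$2] = 1; next }   # remember macro names
        /^#/ || /^[ \t]*$/ { next }                    # skip comments, blanks
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[A-Z][A-Z0-9_]*$/) used[$i] = 1
        }
        # Checked at END so a #define placed after its first use still counts.
        END { for (m in used) if (!(m in defined)) print m }
    ' "$1" | sort
}

# Returns non-zero (and says why) when the ruleset would reach ipfw with
# unexpanded names in it; use it to gate the load step.
check_ruleset() {
    missing=$(undefined_macros "$1")
    if [ -n "$missing" ]; then
        echo "refusing to load $1, undefined macros:" $missing >&2
        return 1
    fi
    return 0
}

# Constructed sample: the post's rules with the OIF/ONET defines left out.
write_sample() {
    cat > "$1" <<'EOF'
# inside interface, network and ip
#define IIF fxp0
#define INET 10.1.1.0/24
#define IIP 10.1.1.1

add 100 pass all from any to any via lo0
add deny all from INET to any in via OIF
add deny all from ONET to any in via IIF
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_ruleset "$sample" || true    # reports OIF and ONET on stderr
rm -f "$sample"
```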