Talk:Firewall, Configuring
From FreeBSDwiki
(Difference between revisions)
(also, typo?) |
($inside to any via $iif) |
||
| Line 11: | Line 11: | ||
# let everything on your internal network talk to the firewall | # let everything on your internal network talk to the firewall | ||
$cmd 01101 allow all from $inside to any via $iif keep-state | $cmd 01101 allow all from $inside to any via $iif keep-state | ||
| + | |||
| + | == $inside to any via $iif == | ||
| + | |||
| + | If you're concerned with preventing address spoofing FROM your internal network going OUT to the real world, yes. | ||
| + | |||
| + | I tend to prefer my firewalls to let me-the-user do pretty much anything I want to, as a general rule. It shouldn't really make a whole lot of difference, in practice. --[[User:Jimbo|Jimbo]] 00:13, 7 Sep 2005 (EDT) | ||
Revision as of 23:13, 6 September 2005
ok, so how do you start and stop the firewall? In linux it's a simple "iptables stop" (or start) -- or the redhat dumbed down version is "service iptables stop"....curious how it's done in FreeBSD (haven't had a need to put a FW on one yet...)
--Dave 10:58, 6 Sep 2005 (EDT)
also, typo?
# let everything on your internal network talk to the firewall
$cmd 01101 allow all from any to any via $iif keep-state
shouldn't this be
# let everything on your internal network talk to the firewall
$cmd 01101 allow all from $inside to any via $iif keep-state
$inside to any via $iif
If you're concerned with preventing address spoofing FROM your internal network going OUT to the real world, yes.
I tend to prefer my firewalls to let me-the-user do pretty much anything I want to, as a general rule. It shouldn't really make a whole lot of difference, in practice. --Jimbo 00:13, 7 Sep 2005 (EDT)
