pavement

Talk:Firewall, Configuring

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
(starting and stopping the firewall)
(Start/stop)
Line 23: Line 23:
  
 
For instance that ruleset in the article?  Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script.  You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall.  By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"?  --[[User:Jimbo|Jimbo]] 00:17, 7 Sep 2005 (EDT)
 
For instance that ruleset in the article?  Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script.  You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall.  By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"?  --[[User:Jimbo|Jimbo]] 00:17, 7 Sep 2005 (EDT)
 +
 +
== Start/stop ==
 +
 +
In this article, the IPFW is loaded via the kernel, if the firewall was loaded via kernel module, you could issue a "kldunload ipfw.ko".

Revision as of 16:10, 7 September 2005

ok, so how do you start and stop the firewall? In linux it's a simple "iptables stop" (or start) -- or the redhat dumbed down version is "service iptables stop"....curious how it's done in FreeBSD (haven't had a need to put a FW on one yet...)

--Dave 10:58, 6 Sep 2005 (EDT)

Contents

also, typo?

# let everything on your internal network talk to the firewall
        $cmd 01101 allow all from any to any via $iif keep-state 

shouldn't this be

# let everything on your internal network talk to the firewall
        $cmd 01101 allow all from $inside to any via $iif keep-state

$inside to any via $iif

If you're concerned with preventing address spoofing FROM your internal network going OUT to the real world, yes.

I tend to prefer my firewalls to let me-the-user do pretty much anything I want to, as a general rule. It shouldn't really make a whole lot of difference, in practice. --Jimbo 00:13, 7 Sep 2005 (EDT)

starting and stopping the firewall

There isn't any real "omg this stops and starts it" sort of command - you just issue the rule commands you want, either directly from the command line or from a script.

For instance that ruleset in the article? Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script. You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall. By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"? --Jimbo 00:17, 7 Sep 2005 (EDT)

Start/stop

In this article, the IPFW is loaded via the kernel, if the firewall was loaded via kernel module, you could issue a "kldunload ipfw.ko".

Personal tools