Talk:Firewall, Configuring
(starting and stopping the firewall) |
(Start/stop) |
||
Line 23: | Line 23: | ||
For instance that ruleset in the article? Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script. You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall. By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"? --[[User:Jimbo|Jimbo]] 00:17, 7 Sep 2005 (EDT) | For instance that ruleset in the article? Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script. You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall. By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"? --[[User:Jimbo|Jimbo]] 00:17, 7 Sep 2005 (EDT) | ||
+ | |||
+ | == Start/stop == | ||
+ | |||
+ | In this article, the IPFW is loaded via the kernel, if the firewall was loaded via kernel module, you could issue a "kldunload ipfw.ko". |
Revision as of 16:10, 7 September 2005
ok, so how do you start and stop the firewall? In linux it's a simple "iptables stop" (or start) -- or the redhat dumbed down version is "service iptables stop"....curious how it's done in FreeBSD (haven't had a need to put a FW on one yet...)
--Dave 10:58, 6 Sep 2005 (EDT)
Contents |
also, typo?
# let everything on your internal network talk to the firewall $cmd 01101 allow all from any to any via $iif keep-state
shouldn't this be
# let everything on your internal network talk to the firewall $cmd 01101 allow all from $inside to any via $iif keep-state
$inside to any via $iif
If you're concerned with preventing address spoofing FROM your internal network going OUT to the real world, yes.
I tend to prefer my firewalls to let me-the-user do pretty much anything I want to, as a general rule. It shouldn't really make a whole lot of difference, in practice. --Jimbo 00:13, 7 Sep 2005 (EDT)
starting and stopping the firewall
There isn't any real "omg this stops and starts it" sort of command - you just issue the rule commands you want, either directly from the command line or from a script.
For instance that ruleset in the article? Notice that the first line is #!/bin/sh - you guessed it, it's a Bourne shell script, so to start a firewall with that ruleset you would just run that script. You have to define what a "stopped" condition is before I can tell you how to "stop" the firewall. By "stop the firewall" do you mean "drop all traffic" or "pass all traffic"? --Jimbo 00:17, 7 Sep 2005 (EDT)
Start/stop
In this article, the IPFW is loaded via the kernel, if the firewall was loaded via kernel module, you could issue a "kldunload ipfw.ko".