ipfw dynamic rules
Ian Smith
smithi at nimnet.asn.au
Sun Mar 23 13:16:29 UTC 2014
On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote:
> reposting with a useful subject line and more comments
>
> On 3/22/14, 10:33 PM, Julian Elischer wrote:
> >
> > in ipfw that's up to you..
> > but I usually put the check-state quite early in my rule sets.
> >
> On 3/22/14, 1:34 AM, Ian Smith wrote:
> > Firstly, that's the one page in the handbook (that I know of) that needs
> > completely nuking. It contains many factual errors as well as weird
> > notions, and will only tend to mislead you; consult ipfw(8) and prosper.
> > I'd say refer to the examples in rc.firewall but it too is in disrepair.
Firstly, I owe an apology to the doc crew, one of whom contacted me
privately to point out that the ipfw page has had quite a massaging
lately, and work is ongoing. I'm sorry for not checking again first.
> I am working on a new rc.firewall that is much more efficient.
> the trouble is that the script to make it do what I want is a bit more
> complicated.
> I'll put it out for discussion later. maybe tonight.
Great. Maybe my failed rc.firewall patch from '11 can still be useful.
> as for the handbook pages.. after we see how the new firewall rules work
> we can see about rewriting the page.
Yes, well it seems there's a newer framework worth hanging it on now.
I guess we should drop freebsd-security@ until there's some news?
cheers, Ian