Re: /etc/rc.firewall fixes

From: Robert Clark (res03db2@gte.net)
Date: 02/21/01


Date: Tue, 20 Feb 2001 19:24:16 -0800
From: Robert Clark <res03db2@gte.net>
To: Tony Landells <ahl@austclear.com.au>


I'm interested.

[RC]

On Wed, Feb 21, 2001 at 09:05:02AM +1100, Tony Landells wrote:
> I'm in the process of hacking on my rc.firewall because I'm building
> new firewalls, so I'm interested in any ideas people have.
>
> The stuff that I put in yesterday was to auto-generate my anti-spoofing
> rules (which is a huge saving when you have seven Ethernet interfaces!),
> and organise my rule numbering.
>
> I also have stuff so that you basically only have to map the logical
> interfaces (oif, iif, etc.) to the physical interfaces (fxp0, fxp1, etc.)
> and it sets the other variables for you (oip, omask, iip, imask, etc.).
> Note that I don't bother with onet, inet, etc. because you can get the
> same result by using, for example, ${oip}:${omask}.
>
> As a result of these bits of hackery, my rc.firewall looks something like:
>
> <generate ?ip and ?mask variables>
> <generate anti-spoofing rules>
> <start a block of rules at the next multiple of 1000>
> rule...
> <start a block of rules at the next multiple of 1000>
> rule...
> <start a block of rules at the next multiple of 1000>
> rule...
> <start a block of rules at the next multiple of 1000>
> rule...
>
> <start a major block of rules at the next multiple of 10000>
> rule...
>
> If anyone wants to see it and has a fairly strong stomach ;-) let me
> know. If there are a few people interested, I'll post to the group.
>
> Cheers,
> Tony
> --
> Tony Landells <ahl@austclear.com.au>
> Senior Network Engineer Ph: +61 3 9677 9319
> Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355
> Level 4, Rialto North Tower
> 525 Collins Street
> Melbourne VIC 3000
> Australia
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
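
An added example, not Tony's script and not part of the original thread, of the layout the quoted message describes: variables derived from a logical-to-physical interface map, generated anti-spoofing rules, and rule blocks that start at the next multiple of 1000 or 10000. The interface map, the step of 10 between rules, the helper names and the two closing rules are assumptions made for illustration; commands are collected as text and never run.

```shell
#!/bin/sh
# Added example: collects ipfw commands as text; nothing is executed.
# Constructed map, one line per interface: logical-prefix device ip netmask
IFMAP='o fxp0 203.0.113.1 255.255.255.0
i fxp1 192.168.1.1 255.255.255.0
d fxp2 192.168.2.1 255.255.255.0'

fwcmd="ipfw"; step=10   # step between rules in a block is an assumption
next=1; RULES=""; LOGICAL=""

# Define oif/oip/omask, iif/iip/imask, ... from the map.
load_ifmap() {
    while read -r l dev ip mask; do
        eval "${l}if=\$dev ${l}ip=\$ip ${l}mask=\$mask"
        LOGICAL="${LOGICAL} ${l}"
    done <<EOF
${IFMAP}
EOF
}

# Jump to the next multiple of $1 (1000 for a block, 10000 for a major block).
start_block() { next=$(( ((next - 1) / $1 + 1) * $1 )); }

# Append one numbered rule to RULES.
add_rule() {
    RULES="${RULES}${fwcmd} add ${next} $*
"
    next=$(( next + step ))
}

# For every attached network, drop its source addresses arriving on any
# other interface. ip:mask is enough because ipfw applies the mask.
gen_antispoof() {
    for net in $LOGICAL; do
        eval "nip=\$${net}ip nmask=\$${net}mask"
        for other in $LOGICAL; do
            if [ "$other" = "$net" ]; then continue; fi
            eval "odev=\$${other}if"
            add_rule deny all from "${nip}:${nmask}" to any in via "${odev}"
        done
    done
}

load_ifmap
start_block 1000;  gen_antispoof
start_block 1000;  add_rule pass tcp from any to any established
start_block 10000; add_rule deny log all from any to any
printf '%s' "$RULES"
```

The pairwise form grows as n*(n-1) rules, so seven interfaces yield 42 anti-spoofing rules, which still fits inside one block of 1000 at a step of 10.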
