old ( 25412 ) new ( 25478 )
1############
2# Setup system for firewall service.
3# $Id: rc.firewall,v 1.11 1997/05/03 11:22:17 jkh Exp $
4
5############
6#
7# >>Warning<<
8# This file is not very old yet, and have been put together without much
9# testing of the contents.
10
11# Set this to be the type of firewall you want: open, client, simple or NONE.

--- 6 unchanged lines hidden (view full) ---

18# If you don't know enough about packet filtering, we suggest that you
19# take time to read this book:
20#
21# Building Internet Firewalls
22# Brent Chapman and Elizabeth Zwicky
23#
24# O'Reilly & Associates, Inc
25# ISBN 1-56592-124-0
26# http://www.ora.com/
27#
28# For a more advanced treatment of Internet Security read:
29#
30# Firewalls & Internet Security
31# Repelling the wily hacker
32# William R. Cheswick, Steven M. Bellowin
33#
34# Addison-Wesley
35# ISBN 0-201-6337-4
36# http://www.awl.com/
37#
38
39############
40# Flush out the list before we begin.
41/sbin/ipfw -f flush
42
43############
44# If you just configured ipfw in the kernel as a tool to solve network

--- 44 unchanged lines hidden (view full) ---

89 # Allow DNS queries out in the world
90 /sbin/ipfw add pass udp from any 53 to ${ip}
91 /sbin/ipfw add pass udp from ${ip} to any 53
92
93 # Allow NTP queries out in the world
94 /sbin/ipfw add pass udp from any 123 to ${ip}
95 /sbin/ipfw add pass udp from ${ip} to any 123
96
97 # Everything else is denied as default.
98
99elif [ "${firewall}" = "simple" ]; then
100
101 ############
102 # This is a prototype setup for a simple firewall. Configure this machine
103 # as a named server and ntp server, and point all the machines on the inside
104 # at this machine for those services.
105 ############

--- 40 unchanged lines hidden (view full) ---

146 # Allow DNS queries out in the world
147 /sbin/ipfw add pass udp from any 53 to ${oip}
148 /sbin/ipfw add pass udp from ${oip} to any 53
149
150 # Allow NTP queries out in the world
151 /sbin/ipfw add pass udp from any 123 to ${oip}
152 /sbin/ipfw add pass udp from ${oip} to any 123
153
154 # Everything else is denied as default.
155
156elif [ "${firewall}" != "NONE" -a -r "${firewall}" ]; then
157
158 /sbin/ipfw ${firewall}
159fi
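Review bot: The DNS and NTP rules at gutter lines 90 and 94 (`pass udp from any 53 to ${ip}`, `pass udp from any 123 to ${ip}`), repeated for `${oip}` at 147 and 151, match only on the remote source port, so they admit UDP from any host to every local port and not just replies to this host's own queries. Since the sender picks its source port, the closing comment `# Everything else is denied as default.` overstates what the ruleset enforces for UDP. I would narrow the remote side to the resolvers and time servers actually configured, e.g. `/sbin/ipfw add pass udp from <DNS_SERVER_IP> 53 to ${ip}` (placeholder address), or, where the installed ipfw supports it, put `keep-state` on the outbound rule and drop the inbound `from any` rule. The page does not mark which lines this revision changed, and the surrounding `if`/`elif` chain starts in the hidden lines, so this applies to the new-side text as displayed. Separately, `/sbin/ipfw ${firewall}` at line 158 expands the path unquoted; `/sbin/ipfw "${firewall}"` would keep a path containing whitespace as one argument.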