firewall setup

Francois Tigeot ftigeot at wolfpond.org
Fri May 10 05:28:25 PDT 2013


On Thu, May 09, 2013 at 11:20:36PM -0400, Pierre Abbat wrote:
> I'm going to set up the new box as my firewall. I need it to do this:
[...]
> *Assign IPv6 addresses to the computers on the inside. I don't find the radvd 
> program or package.

It's generally managed from rc.conf. Some variation of these lines should
be enough:

  rtadvd_enable="YES"
  rtadvd_interfaces="em0"

[...]
> *Run NAT on outgoing packets from inside computers. This means I have to run 
> natd, but "rcrun enable natd" doesn't work.

Why? pf(4) is fine. Better than natd, even.

> *Give outgoing SIP packets higher priority.
> *Filter incoming TCP connections on IPv6.
> *Block all packets from addresses listed in a file of password guessers, which 
> is updated by a cron job on the Linux box.
> *Block all connections from the outside to ports 60xx (X11), including the 
> ports on the firewall itself.
> 
> em0 is the currently unconnected outside interface; em1 is the inside 
> interface.
> 
> How can I set all this up?

pf(4) does everything you want to do and more.

There are many tutorials out there; pf.conf(5) should also be a good
starting point.

-- 
Francois Tigeot
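
Added example, not part of the original message: a pf.conf sketch covering the requirements quoted above, with em0 as the outside and em1 as the inside interface as stated in the question. The table file path, the uplink bandwidth and the SIP match on UDP port 5060 are assumptions, and the syntax is the older pf.conf(5) form with separate nat and altq rules, which is assumed to be what the installed pf accepts.

```pf
# Macros: interfaces as named in the question
ext_if = "em0"
int_if = "em1"

# Password-guesser addresses, one address or CIDR per line.
# The path is a placeholder; point it at the file the cron job updates.
table <guessers> persist file "/etc/pf.guessers"

# Options and normalization
set skip on lo0
scrub in all

# Queueing: strict priority on the uplink, SIP ahead of everything else.
# 1Mb is a constructed value; set it slightly below the real upstream rate.
altq on $ext_if priq bandwidth 1Mb queue { q_def, q_sip }
queue q_def priority 1 priq(default)
queue q_sip priority 7

# Translation: IPv4 NAT for inside hosts, replacing natd
nat on $ext_if inet from $int_if:network to any -> ($ext_if)

# Filtering: default deny for everything arriving from the outside
block in log on $ext_if all
block in quick on $ext_if from <guessers> to any
# X11 (60xx), for forwarded traffic and for the firewall itself
block in quick on $ext_if proto tcp from any to any port 6000:6099

# IPv6 needs ICMPv6 (neighbor discovery, path MTU) to keep working
pass in on $ext_if inet6 proto ipv6-icmp all

# Outgoing traffic is stateful, so replies return while unsolicited
# inbound TCP, IPv4 and IPv6 alike, hits the default block above.
pass out on $ext_if all keep state queue q_def
# SIP signalling only; RTP media ports are not matched by this rule
pass out on $ext_if proto udp from any to any port 5060 keep state queue q_sip
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; after the cron job rewrites the list, `pfctl -t guessers -T replace -f /etc/pf.guessers` refreshes the table without reloading the ruleset.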


