firewall setup
Francois Tigeot
ftigeot at wolfpond.org
Fri May 10 05:28:25 PDT 2013
On Thu, May 09, 2013 at 11:20:36PM -0400, Pierre Abbat wrote:
> I'm going to set up the new box as my firewall. I need it to do this:
[...]
> *Assign IPv6 addresses to the computers on the inside. I don't find the radvd
> program or package.
It's generally managed from rc.conf. Some variation of these lines should
be enough:
rtadvd_enable="YES"
rtadvd_interfaces="em0"
[...]
> *Run NAT on outgoing packets from inside computers. This means I have to run
> natd, but "rcrun enable natd" doesn't work.
Why? pf(4) is fine. Better than natd, even.
> *Give outgoing SIP packets higher priority.
> *Filter incoming TCP connections on IPv6.
> *Block all packets from addresses listed in a file of password guessers, which
> is updated by a cron job on the Linux box.
> *Block all connections from the outside to ports 60xx (X11), including the
> ports on the firewall itself.
>
> em0 is the currently unconnected outside interface; em1 is the inside
> interface.
>
> How can I set all this up?
pf(4) does everything you want to do and more.
There are many tutorials out there; pf.conf(5) should also be a good
starting point.
--
Francois Tigeot
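
A pf.conf sketch covering the listed requirements, added here as an example and not part of the original message. It uses the older OpenBSD 4.x-style pf syntax and assumes ALTQ support in the kernel; the inside network, uplink bandwidth, blocklist path, SIP port and the table and queue names are assumptions.

```conf
# Added example pf.conf; values marked "assumed" are not from the thread.
ext_if  = "em0"                 # outside interface (from the post)
int_if  = "em1"                 # inside interface (from the post)
int_net = "192.168.1.0/24"      # assumed inside IPv4 network
sip     = "5060"                # assumed SIP signalling port

# Password-guesser addresses, one per line, in the file the cron job rewrites.
# The file must exist when the ruleset is loaded.
table <guessers> persist file "/etc/pf.guessers"    # assumed path

set skip on lo0

# Priority queueing on the uplink; the bandwidth figure is assumed.
altq on $ext_if priq bandwidth 1Mb queue { q_sip, q_def }
queue q_sip priority 7
queue q_def priority 1 priq(default)

# NAT inside IPv4 hosts to whatever address em0 currently holds.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Default for the outside interface: drop inbound IPv4 and IPv6 alike.
# This is what filters incoming IPv6 TCP; add explicit pass rules per service.
block in log on $ext_if all

# "quick" makes these final, so a later pass rule cannot reopen them.
# "to any" covers the firewall's own addresses as well as inside hosts.
block in quick on $ext_if from <guessers> to any
block in quick on $ext_if proto tcp from any to any port 6000:6099

# IPv6 depends on ICMPv6 (neighbour discovery, path MTU discovery).
pass in quick on $ext_if inet6 proto ipv6-icmp all

# Inside hosts may initiate connections; replies return via state entries.
pass in  on $int_if all keep state
pass out on $ext_if all keep state queue q_def
# Last matching rule wins, so outgoing SIP lands in the high-priority queue.
pass out on $ext_if proto udp from any to any port $sip keep state queue q_sip
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and have the cron job refresh the table with `pfctl -t guessers -T replace -f /etc/pf.guessers` so the whole ruleset does not need reloading.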