From e9ad60cbc81236d04913883f92b675ab5ae7724c Mon Sep 17 00:00:00 2001 From: Giorgos Keramidas Date: Mon, 1 Sep 2008 22:38:57 +0000 Subject: [PATCH] MFen: 1.34 doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml --- .../articles/dialup-firewall/article.sgml | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/el_GR.ISO8859-7/articles/dialup-firewall/article.sgml b/el_GR.ISO8859-7/articles/dialup-firewall/article.sgml index 261e40a93f..c881893658 100644 --- a/el_GR.ISO8859-7/articles/dialup-firewall/article.sgml +++ b/el_GR.ISO8859-7/articles/dialup-firewall/article.sgml @@ -3,7 +3,7 @@ The FreeBSD Greek Documentation Project %SOURCE% en_US.ISO8859-1/articles/dialup-firewall/article.sgml - %SRCID% 1.33 + %SRCID% 1.34 --> @@ -84,7 +84,8 @@ τότε θα πρέπει να ενεργοποιήσετε την επιλογή IPFW2 και να διαβάσετε τη σελίδα βοήθειας &man.ipfw.8; για περισσότερες πληροφορίες σχετικά με την επιλογή - IPFW2. + IPFW2. Προσέξτε ιδιαίτερα το + τμήμα USING IPFW2 IN FreeBSD-STABLE. 
@@ -212,18 +213,36 @@ fwcmd="/sbin/ipfw" # defaults to tun0. oif="tun0" +# Define our inside interface. This is usually your network +# card. Be sure to change this to match your own network +# interface. +iif="fxp0" + # Force a flushing of the current rules before we reload. $fwcmd -f flush # Divert all packets through the tunnel interface. $fwcmd add divert natd all from any to any via tun0 +# Check the state of all packets. +$fwcmd add check-state + +# Stop spoofing on the outside interface. +$fwcmd add deny ip from any to any in via $oif not verrevpath + # Allow all connections that we initiate, and keep their state, # but deny established connections that don't have a dynamic rule. -$fwcmd add check-state $fwcmd add allow ip from me to any out via $oif keep-state $fwcmd add deny tcp from any to any established in via $oif +# Allow all connections within our network. +$fwcmd add allow ip from any to any via $iif + +# Allow all local traffic. +$fwcmd add allow all from any to any via lo0 +$fwcmd add deny all from any to 127.0.0.0/8 +$fwcmd add deny ip from 127.0.0.0/8 to any + # Allow internet users to connect to the port 22 and 80. # This example specifically allows connections to the sshd and a # webserver.
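Review bot: The new loopback anti-spoofing rules `$fwcmd add deny all from any to 127.0.0.0/8` and `$fwcmd add deny ip from 127.0.0.0/8 to any` are added after `$fwcmd add allow ip from any to any via $iif`. ipfw acts on the first matching rule, so a packet with a 127.0.0.0/8 source or destination that arrives on the inside interface is accepted before either deny is evaluated. Moving the three "local traffic" rules (the `lo0` allow followed by the two denies) to just after `$fwcmd -f flush`, ahead of the `$iif` allow, would make them apply on every interface. The unchanged divert line still hard-codes `tun0` rather than using `$oif`, so a reader who edits only the variables ends up with an inconsistent ruleset. The example script starts and continues outside this hunk, so the final ordering should be checked against the full listing.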