DragonFly users List (threaded) for 2013-05
Re: firewall setup
On Thu, May 09, 2013 at 11:20:36PM -0400, Pierre Abbat wrote:
> I'm going to set up the new box as my firewall. I need it to do this:
> *Assign IPv6 addresses to the computers on the inside. I don't find the radvd
> program or package.
It's generally managed from rc.conf. Some variation of these lines should
> *Run NAT on outgoing packets from inside computers. This means I have to run
> natd, but "rcrun enable natd" doesn't work.
Why? pf(4) is fine. Better than natd, even.
> *Give outgoing SIP packets higher priority.
> *Filter incoming TCP connections on IPv6.
> *Block all packets from addresses listed in a file of password guessers, which
> is updated by a cron job on the Linux box.
> *Block all connections from the outside to ports 60xx (X11), including the
> ports on the firewall itself.
> em0 is the currently unconnected outside interface; em1 is the inside
> How can I set all this up?
pf(4) does everything you want to do and more.
There are many tutorials out there; pf.conf(5) should also be a good
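
One way to express the requirements from the question in pf.conf, added here as an example and not taken from either poster's message. em0 and em1 come from the thread; the inside network, uplink bandwidth, table file path and the allowed inbound IPv6 port are assumptions, and the syntax is the classic pf grammar with separate nat rules and ALTQ queues.

```conf
# Constructed example; values marked "assumed" are not from the thread.
ext_if  = "em0"               # outside interface (from the thread)
int_if  = "em1"               # inside interface (from the thread)
int_net = "192.168.1.0/24"    # assumed inside IPv4 network

# Password-guesser addresses, one per line, rewritten by the cron job.
# The path is assumed. Reload without touching the rules with:
#   pfctl -t guessers -T replace -f /etc/pf.guessers
table <guessers> persist file "/etc/pf.guessers"

set skip on lo0
scrub in all

# Priority queueing on the uplink (requires ALTQ support in the kernel).
# The bandwidth is assumed; set it slightly below the real uplink rate.
altq on $ext_if priq bandwidth 1Mb queue { q_sip, q_def }
queue q_sip priority 7
queue q_def priority 1 priq(default)

# NAT for IPv4 packets leaving the inside network.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Default: nothing comes in from the outside unless passed below.
block in on $ext_if all

# "quick" rules win immediately, so later pass rules cannot reopen these.
block in quick on $ext_if from <guessers>
block in quick on $ext_if proto tcp from any to any port 6000:6099  # X11

# Inside hosts may reach the firewall and the outside.
pass in on $int_if inet from $int_net to any keep state
pass in on $int_if inet6 all keep state

# Outgoing traffic; the last matching rule decides, so SIP comes second.
pass out on $ext_if all keep state
pass out on $ext_if proto udp from any to any port 5060 keep state queue q_sip

# IPv6 needs ICMPv6 for neighbour discovery and path MTU discovery.
pass inet6 proto icmp6 all

# Incoming IPv6 TCP: only the listed service (assumed: ssh) is allowed.
pass in on $ext_if inet6 proto tcp from any to any port 22 flags S/SA keep state
```

Checking the file with `pfctl -nf /etc/pf.conf` parses it without loading, which catches syntax differences in the installed pf version before the rules go live.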