Hi.
I'm new to the FreeBSD world. As I'd like to gain some knowledge on this operating system, I decided to install FreeBSD on a little Raspberry board. I plan to use it as a general purpose (headless) home server.
Among other things, I'd like to expose it to the open Internet, so I can use it as a sharing device.
The Raspberry platform has got a single Ethernet port; I purchased an external NIC (USB). The idea is to attach one of the two NICs to the local network, and give the other one direct access to the broadband.
I'd like to configure the firewall so that it is more liberal on the internal network, and more strict with connections coming from the outside.
Of course I base my firewall rules on the source network address, but I was wondering if it would be practical to base them on the network device name, instead.
I know it is feasible from the pf(4) standpoint, but I don't know (and I could not find any mention in the Handbook) if I can rely on the system consistently assigning the network device name.
What I would like to avoid, as you may understand, is to have the interface names swapped during a reboot, and end up exposing to countless script kiddies some services that are not intended to be exposed.
Thanks in advance.