I'm now in the process of defining my own rules in ipfw.rules for the firewall settings with IPFW.
First I set the rules exactly as they are built when using /etc/rc.firewall with the parameter "workstation", which can also be done with settings in /etc/rc.conf. And I set some additional rules for my services.
I have looked around with Google for the best way to do this and found this website
https://www.adminbyaccident.com/fre...ow-to-configure-the-ipfw-firewall-on-freebsd/
with a long description and this advice:
The rules should be first organized into three major sections, all the free unmolested interfaces, public interface outbound, and the public interface inbound.
I would like to change my rules in that way, but I'm unsure if this is OK.
# A) All the free unmolested interfaces
#==============================================================================
# B) Outbound Section (Interface facing Public Internet)
#==============================================================================
# C) Inbound Section (Interface facing Public Internet)
#==============================================================================
Question: do you think this ordering is a good way to do so? Or would you advise against this, and why?
Please read the website above to get more information before answering. I.e. he "complains" that these tips from https://docs.freebsd.org/doc/7.4-RELEASE/usr/share/doc/handbook/firewalls-ipfw.html in chapter '30.6.5.5 Stateful Ruleset', paragraph 5, are no longer in the current handbook. Is there a reason why the handbook has changed in this regard?
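The three-section layout quoted in the post, written out as a stateful rule list. This is an added example, not part of the original post and not taken from the linked site. The interface name em0, the service ports and the rule numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits an ipfw rule list ordered as A) free interfaces,
# B) outbound on the public interface, C) inbound on the public interface.
# Assumed values (not from the post): em0, the port lists, the rule numbers.
pif="${pif:-em0}"            # interface facing the public Internet (assumed)
services="${services:-22}"   # inbound TCP ports this host offers (assumed)

emit_rules() {
    # A) Free, unfiltered interfaces: only loopback on a workstation.
    echo "add 00010 allow ip from any to any via lo0"
    # Packets of flows already admitted by a keep-state rule match here.
    echo "add 00100 check-state"

    # B) Outbound section: every permitted service creates a dynamic rule,
    #    everything else leaving via $pif is denied and logged.
    echo "add 00200 allow udp from me to any 53 out via $pif keep-state"
    echo "add 00210 allow tcp from me to any 53,80,443 out via $pif setup keep-state"
    echo "add 00220 allow udp from me to any 123 out via $pif keep-state"
    echo "add 00230 allow icmp from me to any out via $pif keep-state"
    echo "add 00299 deny log ip from any to any out via $pif"

    # C) Inbound section: drop fragments, then open one rule per service.
    echo "add 00300 deny ip from any to any frag in via $pif"
    n=400
    for port in $services; do
        printf 'add %05d allow tcp from any to me %s in via %s setup keep-state\n' \
            "$n" "$port" "$pif"
        n=$((n + 10))
    done
    echo "add 00499 deny log ip from any to any in via $pif"

    # Anything that matched no section is denied and logged.
    echo "add 00999 deny log ip from any to any"
}

# Replaces the running ruleset with the generated one (run as root on FreeBSD).
# $rule is left unquoted on purpose so each word becomes an ipfw argument.
load_rules() {
    ipfw -q -f flush
    emit_rules | while read -r rule; do ipfw -q $rule; done
}
```

Running `emit_rules` alone prints the list for review; `load_rules` is the only function that touches the live firewall.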