From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Jan 12 22:34:20 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id WAA32527;
	Fri, 12 Jan 2001 22:34:20 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from dns1.netforce.ne.jp (dns1.netforce.ne.jp [211.18.227.226])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id WAA32520
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 12 Jan 2001 22:34:19 +0900 (JST)
	(envelope-from ohba@netforce.ne.jp)
Received: from nt.netforce.ne.jp (gw.netforce.ne.jp [211.18.227.227])
	by dns1.netforce.ne.jp (8.11.1/8.11.1) with SMTP id f0CDYFk47785
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 12 Jan 2001 22:34:15 +0900 (JST)
Message-Id: <200101121334.AA00713@nt.netforce.ne.jp>
From: Masashi Ohba <ohba@netforce.ne.jp>
Date: Fri, 12 Jan 2001 22:34:15 +0900
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <200101121306.WAA28385@mail.geocities.co.jp>
References: <200101121306.WAA28385@mail.geocities.co.jp>
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.11
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 58181
Subject: [FreeBSD-users-jp 58181] Re: IPFW or IP Filter ?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ohba@netforce.ne.jp

$BBg>l$G$9!#(B
nat+ipfw$B$7$+CN$i$J$$$s$@$1$I(B

In message "[FreeBSD-users-jp 58180] Re: IPFW or IP Filter ?",Y.Nakayama wrote...

>$B$=$3$G!"(B
># ipf -f /etc/ipf.conf
>
>$B$H!"<jF0$GFI$_9~$^$;$F!"$d$C$H%k!<%k%U%!%$%k$rG'<1$7$^$9!#(B
>$B$I$&$d$i!"<+F0E*$K(B /etc/ipf.conf $B$rFI$_$K9T$+$J$$$h$&$G$9!#(B

$BA0$N%a!<%k$G$O(B

>ipf.sh
>--------------------------------------------------
>#!/bin/sh
>kldload ipl && ipf -F a -f /etc/ipf.conf
>--------------------------------------------------

$B$C$F=q$$$F$"$C$?$N$G!"$=$l$,$=$N$^$^D>$C$F$J$$$H$9$k$H!"(B

/etc/defaults/rc.conf$B$G$O(B

firewall_flags=""               # Flags passed to ipfw when type is a file
ipfilter_enable="NO"            # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf -Fa -f"
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags="-E"             # should be *empty* when ipf is _not_ a module

$B$H=P$k$N$G!"(B($B@5>o$KF0$+$J$$$H:$$k(B/etc/defaults/rc.conf$B$G(B)
$B>e5-(Bgrep$B$N7k2L$+$i8+$k$H!V(B-Fa$B!W$J$N$K!"$d$m$&$H$7$F$k%9%/%j%W%H$G$O(B
F$B$H(Ba$B$N4V$K!"!V%9%Z!<%9!WF~$C$F$k$s$G$9$,(B
$B$A$c$s$HF0$+$J$$M}M3$O$3$3$KL5$$$G$9$+!)(B

$B!V(Bipf -Fa -f /etc/ipf.conf$B!W(B
or
$B!V(Bipf -F -a -f /etc/ipf.conf$B!W(B

$B$C$F=q$/$H(Bipf$B$,$A$c$s$HF0$-$^$;$s!)(B

--------------------------------------------------
Name  : $BBg>l@5;V(B(Masashi Ohba)
E-mail: ohba@netforce.ne.jp
Add   : Fukuoka-city, Japan
