From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Apr 24 00:26:29 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA25909;
	Tue, 24 Apr 2001 00:26:29 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA25904
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 24 Apr 2001 00:26:28 +0900 (JST)
	(envelope-from llc@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id AAA23923 for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 24 Apr 2001 00:26:28 +0900 (JST)
Received: from UNKNOWN-DX (saitama0303-168117.zero.ad.jp [211.16.168.117]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with SMTP id AAA25862 for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 24 Apr 2001 00:26:24 +0900 (JST)
Message-Id: <200104231526.AAA25862@mail.geocities.co.jp>
X-Sender: llc@geocities.co.jp
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5-J (32)
Date: Tue, 24 Apr 2001 00:26:23 +0900
To: FreeBSD-users-jp@jp.freebsd.org
From: Muto Yasuhiro <u-610@mx9.freecom.ne.jp>
In-Reply-To: <200101121334.AA00713@nt.netforce.ne.jp>
References: <200101121306.WAA28385@mail.geocities.co.jp>
 <200101121306.WAA28385@mail.geocities.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 61000
Subject: [FreeBSD-users-jp 61000] Re: IPFW or IP Filter ?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: u-610@mx9.freecom.ne.jp




At 22:34 2001/01/12 +0900, you wrote:
> $BBg>l$G$9!#(B
> nat+ipfw$B$7$+CN$i$J$$$s$@$1$I(B
> 
> In message "[FreeBSD-users-jp 58180] Re: IPFW or IP Filter ?",Y.Nakayama
wrote...
> 
> >$B$=$3$G!"(B
> ># ipf -f /etc/ipf.conf
> >
> >$B$H!"<jF0$GFI$_9~$^$;$F!"$d$C$H%k!<%k%U%!%$%k$rG'<1$7$^$9!#(B
> >$B$I$&$d$i!"<+F0E*$K(B /etc/ipf.conf $B$rFI$_$K9T$+$J$$$h$&$G$9!#(B
> 
> $BA0$N%a!<%k$G$O(B
> 
> >ipf.sh
> >--------------------------------------------------
> >#!/bin/sh
> >kldload ipl && ipf -F a -f /etc/ipf.conf
> >--------------------------------------------------
> 
> $B$C$F=q$$$F$"$C$?$N$G!"$=$l$,$=$N$^$^D>$C$F$J$$$H$9$k$H!"(B
> 
> /etc/defaults/rc.conf$B$G$O(B
> 
> firewall_flags=""               # Flags passed to ipfw when type is a file
> ipfilter_enable="NO"            # Set to YES to enable ipfilter
functionality
> ipfilter_program="/sbin/ipf -Fa -f"
> ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
>                                 # /usr/src/contrib/ipfilter/rules for
examples
> ipfilter_flags="-E"             # should be *empty* when ipf is _not_ a
module
> 
> $B$H=P$k$N$G!"(B($B@5>o$KF0$+$J$$$H:$$k(B/etc/defaults/rc.conf$B$G(B)
> $B>e5-(Bgrep$B$N7k2L$+$i8+$k$H!V(B-Fa$B!W$J$N$K!"$d$m$&$H$7$F$k%9%/%j%W%H$G$O(B
> F$B$H(Ba$B$N4V$K!"!V%9%Z!<%9!WF~$C$F$k$s$G$9$,(B
> $B$A$c$s$HF0$+$J$$M}M3$O$3$3$KL5$$$G$9$+!)(B
> 
> $B!V(Bipf -Fa -f /etc/ipf.conf$B!W(B
> or
> $B!V(Bipf -F -a -f /etc/ipf.conf$B!W(B
> 
> $B$C$F=q$/$H(Bipf$B$,$A$c$s$HF0$-$^$;$s!)(B


$B;n$7$?7k2L!"$I$A$i$b$-$A$s$H%U%#%k%?%j%9%H$rGK4~$7$F$$$^$7$?!#(B

[sample:1]
# ipf -f /etc/ipf.conf
# ipf -F a
# ipfstat -i
empty list for ipfilter(in)
# ipfstat -o
empty list for ipfilter(out)

[sample:2]
# ipf -f /etc/ipf.conf
# ipf -Fa
# ipfstat -i
empty list for ipfilter(in)
# ipfstat -o
empty list for ipfilter(out)






> 
> --------------------------------------------------
> Name  : $BBg>l@5;V(B(Masashi Ohba)
> E-mail: ohba@netforce.ne.jp
> Add   : Fukuoka-city, Japan
> 
> 
