From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Jan  3 15:07:29 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id PAA54278;
	Wed, 3 Jan 2001 15:07:29 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from tac.tsukuba.ac.jp (bsd2.tac.tsukuba.ac.jp [130.158.192.79])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id PAA54273
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 3 Jan 2001 15:07:28 +0900 (JST)
	(envelope-from hiromi@tac.tsukuba.ac.jp)
Received: (qmail 85156 invoked from network); 3 Jan 2001 15:07:23 +0900
Received: from p166.tac.tsukuba.ac.jp (HELO localhost) (@130.158.192.54)
  by bsd2.tac.tsukuba.ac.jp with SMTP; 3 Jan 2001 15:07:23 +0900
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <200101021751.CAA23403@mail.geocities.co.jp>
References: <200101021751.CAA23403@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20010103150723L.hiromi@tac.tsukuba.ac.jp>
Date: Wed, 03 Jan 2001 15:07:23 +0900
From: Hiromi Kimura <hiromi@tac.tsukuba.ac.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 43
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 57982
Subject: [FreeBSD-users-jp 57982] Re: IPFW or IP Filter ?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: hiromi@tac.tsukuba.ac.jp

In <<200101021751.CAA23403@mail.geocities.co.jp>>
 <"Y.Nakayama" <ml1@geocities.co.jp>> writes
> $BFC$K(B NAT(Gateway)$B$r;HMQ$7$J$$>l9g!"(B
> IPFW $B$H!"(BIP Filter$B!"$I$A$i$,(B {$BJXMx(B, $BM-8z(B} $B$J$N$G$7$g$&$+!)(B

$B=i?4<T8~$1$NEz$(!V$I$A$i$bM-8z!W!#(B
NAT $B$r;H$&$J$i(B IP Filter$B!JJQ49%F!<%V%k$,%b%K%?$G$-$k$+$i!K!#(B

http://www.tac.tsukuba.ac.jp/~hiromi/ipfw.html
http://www.tac.tsukuba.ac.jp/~hiromi/ipf.html

4.2R $B$J$i$P!"%+!<%M%k$r:F9=C[$7$J$/$F$b(B kldload $B$G(B
$B$I$A$i$b;HMQ$G$-$k$N$G!"@'HsN>J};n$7$F2<$5$$!#(B
$B$?$@$7!"(BIPFW $B$N%+!<%M%k%b%8%e!<%k$O!"%m%0$r<h$l$k$h$&$K$9$k$?$a$K!"(B
	# cd /sys/modules/ipfw
	# vi Makefile
		$B0J2<$N(B2$B9T$N%3%a%s%H%^!<%/!J(B#$B!K$r<h$k(B
		CFLAGS+= -DIPFIREWALL_VERBOSE
		CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
	# make
	# make install
$B$H$7$F2<$5$$!#(B
IPFW $B$r;H$&$J$i!"(B
	# kldload ipfw
IPF $B$r;H$&$J$i!"(B
	# kldload ipl		<== ipf $B$G$J$/$F(B ipl
$B$G(B OK $B$G$9!#(B


> $B$^$?!";W$C$?$N$G$9$,!"(B{IPFW, IP Filter} $B$r(B kernel $B$KAH$_9~$s$@>l9g!"(B
> $B%"%/%;%9@)8B$NM%@h=g0L$O!"(B
> 
> /etc/{ipfw.conf, ipf.conf}
> /etc/hosts.allow
> 
> $B$N$I$A$i$J$N$G$7$g$&$+!)(B

IPFW $B$b(B IPF $B$b(B IP $BAX$N%U%#%k%?!<$G$9!#(B
hosts.allow$B!J(BTCP wrapper$B!K$O(B TCP/UDP $BAX$G$9!#(B

-=-=-=-=-
$BLZB<GnH~(B  $BC^GHBg3X(B $B2CB.4o%;%s%?!<(B http://www.tac.tsukuba.ac.jp/~hiromi/
PGP Fingerprint16 = 2A 27 2E 46 9E 75 4E 3D  E3 FD 5A DC 2A AA 3A 2E
