~ # kenv net.inet.ip.fw.default_to_accept=1 | |
net.inet.ip.fw.default_to_accept="1" | |
~ # echo net.inet.ip.fw.default_to_accept=1 >> /boot/loader.conf | |
~ # sysrc firewall_enable="YES" | |
firewall_enable: NO -> YES | |
~ # sysrc gateway_enable="YES" | |
gateway_enable: NO -> YES | |
~ # sysrc firewall_nat_enable="YES" | |
firewall_nat_enable: NO -> YES | |
~ # sysctl net.inet.tcp.tso=0 | |
net.inet.tcp.tso: 0 -> 0 | |
~ # echo net.inet.tcp.tso="0" >> /etc/sysctl.conf | |
~ # service ipfw start | |
Firewall logging enabled. | |
~ # ipfw disable one_pass | |
~ # ipfw -q nat 1 config if em0 same_ports unreg_only reset | |
~ # sysctl net.inet.ip.fw.enable=1 | |
net.inet.ip.fw.enable: 0 -> 1 | |
~ # sysctl net.inet.ip.forwarding=1 | |
net.inet.ip.forwarding: 0 -> 1 | |
~ # sysctl net.inet6.ip6.forwarding=1 | |
net.inet6.ip6.forwarding: 0 -> 1 | |
~ # ipfw add 1 allow ip from any to any via lo0 | |
00001 allow ip from any to any via lo0 | |
~ # ipfw add 200 reass all from any to any in | |
00200 reass ip from any to any in | |
~ # ipfw add 201 check-state | |
00201 check-state :default | |
~ # ipfw add 205 nat 1 ip from 10.0.0.0/8 to any out via em0 | |
00205 nat 1 ip from 10.0.0.0/8 to any out via em0 | |
~ # ipfw add 210 nat 1 ip from any to any in via em0 | |
00210 nat 1 ip from any to any in via em0 | |
~ # ipfw show | |
00001 0 0 allow ip from any to any via lo0 | |
00200 2689 197170 reass ip from any to any in | |
00201 0 0 check-state :default | |
00205 0 0 nat 1 ip from 10.0.0.0/8 to any out via em0 | |
00210 46 3188 nat 1 ip from any to any in via em0 | |
65535 106815 10861896 allow ip from any to any |
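# Configure a FreeBSD host as an IPv4 NAT gateway using ipfw in-kernel NAT,
# with em0 as the outside interface and 10.0.0.0/8 as the inside network.
# Must be run as root. Statement order matters: the default_to_accept tunable
# has to be set before the ipfw service is started.

# Make ipfw's built-in final rule (65535) "allow" instead of "deny", so that
# starting the firewall does not cut off existing connectivity.
# NOTE(review): with a default-accept final rule and no deny rules below, this
# ruleset translates and forwards traffic but filters nothing. Add explicit
# filtering rules before em0 faces an untrusted network.
kenv net.inet.ip.fw.default_to_accept=1

# Persist the tunable for the next boot. Append only when the exact line is
# missing, so running the script again does not pile up duplicate entries.
grep -qxF 'net.inet.ip.fw.default_to_accept=1' /boot/loader.conf 2>/dev/null ||
    echo net.inet.ip.fw.default_to_accept=1 >> /boot/loader.conf

# rc.conf: enable the firewall, packet forwarding and ipfw NAT support at boot.
sysrc firewall_enable="YES"
sysrc gateway_enable="YES"
sysrc firewall_nat_enable="YES"

# ipfw NAT (libalias) does not work with TCP segmentation offload, so turn TSO
# off now and persist the setting (again without duplicating the line).
sysctl net.inet.tcp.tso=0
grep -qxF 'net.inet.tcp.tso=0' /etc/sysctl.conf 2>/dev/null ||
    echo net.inet.tcp.tso="0" >> /etc/sysctl.conf

service ipfw start

# Keep evaluating the ruleset after a nat rule matches instead of accepting the
# packet immediately; translated packets then continue to the rules that follow.
ipfw disable one_pass

# NAT instance 1 on em0: keep source ports where possible (same_ports),
# translate only private/unregistered source addresses (unreg_only), and clear
# the translation table when the interface address changes (reset).
ipfw -q nat 1 config if em0 same_ports unreg_only reset

# Runtime switches: firewall on, IPv4 and IPv6 forwarding on.
# NOTE(review): IPv6 forwarding is enabled here, but nothing in this script
# filters forwarded IPv6 traffic; confirm that unfiltered IPv6 routing is
# intended.
sysctl net.inet.ip.fw.enable=1
sysctl net.inet.ip.forwarding=1
sysctl net.inet6.ip6.forwarding=1

# NOTE(review): the rules below are added to the running ruleset only. Nothing
# in this script stores them in a ruleset file, so confirm how they are
# restored after a reboot.

# Always allow loopback traffic.
ipfw add 1 allow ip from any to any via lo0
# Reassemble inbound fragments before NAT sees them.
ipfw add 200 reass all from any to any in
# Match packets against dynamic state. No rule in this script uses keep-state,
# so there are no dynamic states for this rule to match yet.
ipfw add 201 check-state
# Outbound on em0: translate traffic sourced from the 10.0.0.0/8 inside network.
ipfw add 205 nat 1 ip from 10.0.0.0/8 to any out via em0
# Inbound on em0: pass everything through NAT so replies are de-aliased.
ipfw add 210 nat 1 ip from any to any in via em0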