12.6. OpenBSD and FreeBSD

Firewall Builder supports configuring pf, ipfilter, and ipfw rules for OpenBSD and FreeBSD systems.

12.6.1. PF

To create a new pf firewall, select the PF platform option on the first page of the New Firewall wizard. You must also choose whether the firewall will be running on OpenBSD (the default) or FreeBSD.

Figure 12.1. New Firewall Wizard - PF Firewall

12.6.1.1. FreeBSD

Starting in Firewall Builder V4.2 there are two supported modes for generating pf firewall configurations on FreeBSD systems.

  1. Standard Mode - in this case, Firewall Builder generates both a pf.conf-style configuration file and a .fw activation script.
  2. rc.conf Mode - in this case, Firewall Builder generates both a pf.conf-style configuration file and an rc.conf.local style configuration file.

Note

By default, file names use the name of the firewall object as the base of the filename. For example, a firewall named "guardian" would generate files called guardian.conf (pf.conf-style commands) and guardian.fw (bash shell activation script OR rc.conf.local-style settings).

You can override the default file names by changing the settings in the Firewall Settings on the Compiler tab.

Figure 12.2. Firewall Settings - Changing File Names

Standard Mode

In this mode, Firewall Builder generates a firewall.conf file that uses the same style as pf.conf. By default, Firewall Builder will install this file in /etc. You can change the installation location on the Installer tab in the Firewall Settings; the first entry is the directory location on the firewall.

Firewall Builder also generates a firewall.fw file when it is configured in Standard Mode. This is a bash shell script that sets interface IP addresses, creates static routes, and so on, if these options have been selected in Firewall Settings.

This is the default mode and you don't need to change any settings to use Firewall Builder in this mode with your PF firewall running on FreeBSD.

rc.conf Mode

To switch from Standard Mode to rc.conf Mode, open the Firewall Settings window and click the tab labeled Script. If your host OS is set to FreeBSD, you will see two radio buttons at the top of the window for setting the initialization mode. Select the radio button next to the "file in rc.conf format" option.

Figure 12.3. Firewall Settings - Changing Mode

In this mode, the generated firewall.conf file is the same as the firewall.conf file that is generated in the Standard Mode.

In this mode, the initialization file, firewall.fw, is in rc.conf settings format instead of being a bash shell script, as shown below.

Figure 12.4. Example Generated firewall.fw in rc.conf Format

12.6.1.2. OpenBSD

For OpenBSD systems, Firewall Builder supports only Standard Mode, in which a bash script file is generated to configure system parameters such as interface IP addresses. The rc.conf format option is disabled for OpenBSD systems, as shown below.

Figure 12.5. rc.conf Format Option Disabled for OpenBSD

By default, generated scripts are installed in the /etc/fw/ directory on the firewall, and making sure they are executed at system start-up is left to the administrator. See Section 12.7 for some recommended ways to do this.

 

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.