best way to integrate ipfw rules to 9.3

Status
Not open for further replies.

mike tancsa

Cadet
Joined
Jan 2, 2015
Messages
8
Hi,
I am a new FreeNAS user and have been making good progress replacing a number of internal servers with a FreeNAS box. As part of setting up backups to my backup server from my FreeNAS server, I want to add a VLAN interface onto the FreeNAS box so I can send out zfs streams. For policy reasons, I don't want access from the backup server going to the FreeNAS box.
I noticed that FreeNAS has ipfw built in by default

# ipfw show
65535 325721 165393384 allow ip from any to any
#
and I can work with that just fine to add my inbound deny rules. However, I would like those rules automatically added at startup. What/where is the best place to put that in FreeNAS?
9.3-RELEASE-p5 FreeBSD 9.3-RELEASE-p5 #1 r275790+7b75f75: Tue Dec 30 09:13:52 PST 2014
 

zambanini

Patron
Joined
Sep 11, 2013
Messages
479
FreeNAS is an appliance system, no messing around with startup scripts.

However, you can run scripts from cron or create a jail which starts when FreeNAS starts. The jail could run a script that does ssh to FreeNAS.... Anyway, if you have to ask.. you should not do it.
 

mike tancsa

Cadet
Joined
Jan 2, 2015
Messages
8
Actually, I noticed under tasks, there is a section for init/shutdown scripts. I will add my network ACLs there.
 

Gonzalo

Patron
Joined
Nov 29, 2014
Messages
457
These are the steps you should follow to do it in a Jail:

1) Create the Jail (where IPFW is installed by default).
2) Inside the Jail, execute: echo 'firewall_enable="YES"' >> /etc/rc.conf and echo 'firewall_type="/etc/ipfw_rules"' >> /etc/rc.conf (the single quotes keep the double quotes in the file).
3) Create the file /etc/ipfw_rules (you can change the filename or path) and add the rules you need.
4) Restart to see if it's all working as expected.

If you need it on the main system, make those changes in /conf/base/etc/rc.conf.
 
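An added example (not from any post in this thread) covering both the rule set the original poster describes and the rules file from the steps above: it generates a small stateful ipfw rule set that lets the FreeNAS box open outbound ssh sessions to the backup server on the VLAN interface (so the zfs stream and its replies get through) while denying new inbound connections from that server, and applies it in a way usable from a Tasks > Init/Shutdown post-init script. The interface name vlan100, the backup address 192.0.2.10 and rule numbers 1000-1002 are assumptions; the generated lines are in the same "no ipfw prefix" format a firewall_type rules file uses.

```shell
#!/bin/sh
# Example post-init script (assumption: not FreeNAS's own code).
IFACE="${IFACE:-vlan100}"                # assumed VLAN interface facing the backup server
BACKUP_HOST="${BACKUP_HOST:-192.0.2.10}" # assumed backup server address (documentation range)
BASE="${BASE:-1000}"                     # rule numbers sit below the default 65535 allow

# Print the rule set without applying it, so it can be reviewed (or written to
# /etc/ipfw_rules) on a machine that has no ipfw at all.
# Why stateful: a plain "deny ip from $host to me" would also drop the replies
# to our own outbound ssh/zfs session; check-state + keep-state lets those in.
gen_ipfw_rules() {
    iface="$1"; host="$2"; base="$3"
    cat <<EOF
add $((base + 0)) check-state
add $((base + 1)) allow tcp from me to $host out via $iface setup keep-state
add $((base + 2)) deny log ip from $host to me in via $iface
EOF
}

# Remove any previous copy of our rules, then feed the new ones to ipfw one
# line at a time. "log" only records hits when net.inet.ip.fw.verbose=1.
apply_ipfw_rules() {
    iface="$1"; host="$2"; base="$3"
    n=0
    while [ "$n" -lt 3 ]; do
        ipfw -q delete "$((base + n))" 2>/dev/null || true
        n=$((n + 1))
    done
    gen_ipfw_rules "$iface" "$host" "$base" | while read -r line; do
        # shellcheck disable=SC2086  # word-splitting the rule text is intended
        ipfw -q $line
    done
}

# With "apply" as the first argument the rules are installed; otherwise they
# are only printed, which is safe to run anywhere.
case "${1:-}" in
    apply) apply_ipfw_rules "$IFACE" "$BACKUP_HOST" "$BASE" ;;
    *)     gen_ipfw_rules "$IFACE" "$BACKUP_HOST" "$BASE" ;;
esac
```

After applying, `ipfw show` should list the three rules above the default 65535 allow, and a hit counter on rule 1002 is the sign that the backup server tried to reach the box.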

Gonzalo

Patron
Joined
Nov 29, 2014
Messages
457
Actually, I noticed under tasks, there is a section for init/shutdown scripts. I will add my network ACLs there.
As jgreco said, this is the correct answer, forget mine.
 