Add custom port forward rule to ipfw on FreeBSD


Hello, I am new to FreeBSD.

I configured my /etc/rc.conf like this:

sshd_enable="YES"

firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="4711 80"
firewall_allowservices="any"
firewall_logdeny="YES"

ntpd_enable="YES"
ntpd_sync_on_start="YES"

I now want an additional ipfw rule that forwards connections on port 80 to port 8080.

On my Mac server I do this like this:

ipfw flush
ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in
ipfw add 100 fwd 127.0.0.1,8443 tcp from any to any 443 in

How can I configure ipfw on FreeBSD so it takes care of those rules on startup? As you can see, I load firewall_type="workstation", which applies a set of default rules. How can I add my rules to this subset permanently?

Any ideas? Kind regards, Martin


There are 2 answers

0
Richard Smith On BEST ANSWER

The rules for firewall_type="workstation" are located in another file called:

/etc/rc.firewall

You can add your custom rules here. Alternatively, you could replace the rules file with a new file (for example: /etc/rc.firewall.local) and select it from /etc/rc.conf using:

firewall_script="/etc/rc.firewall.local"
0
marschro On

Richard Smith gave me the hint (but it's written in the manual, too ;-)).

For those who want to add port forward rules, here is what I have done.

As I use the settings for "Workstation", I edited the section which begins with:

[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]

I added the following:

# Portforwarding
${fwcmd} add fwd 127.0.0.1,8080 tcp from any to any 80 in
echo "Consider tcp portforwarding from all on 80 to 8080"

That's all... Add whatever you want here...

Kind regards, Martin
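
Added example, not part of either answer or of FreeBSD's own rc.firewall: a helper for a custom firewall script such as the /etc/rc.firewall.local mentioned above, which validates every port mapping before adding the fwd rules from the question. The function names are hypothetical; fwcmd is the variable used in the snippet above, and setting it to echo turns the call into a dry run.

```sh
#!/bin/sh
# Added example (hypothetical helper), not code from the original answers.
# fwcmd is the ipfw command variable used in the rc.firewall snippet above.
# Set fwcmd=echo to print the rules instead of installing them (dry run).
: "${fwcmd:=/sbin/ipfw -q}"

# is_port VALUE: succeed only for a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# add_forwards PUBLIC:LOCAL ...
# First pass validates every mapping, so a typo never leaves a
# half-applied rule set. Second pass adds one fwd rule per mapping,
# in the same form as the rules shown in the question.
add_forwards() {
    for map in "$@"; do
        pub=${map%%:*}
        loc=${map#*:}
        if [ "$pub:$loc" != "$map" ] || ! is_port "$pub" || ! is_port "$loc"; then
            echo "invalid port mapping: $map" >&2
            return 1
        fi
    done
    for map in "$@"; do
        ${fwcmd} add fwd "127.0.0.1,${map#*:}" tcp from any to any "${map%%:*}" in || return 1
    done
}

# Usage inside the custom script (the mappings from the question):
#   add_forwards 80:8080 443:8443
```

ipfw stops at the first rule that matches a packet, so whether these forwards are ever reached depends on where they land relative to the ruleset's pass rules for the same ports.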