1

Hello, I am new to FreeBSD.

I configured my /etc/rc.conf like this:

sshd_enable="YES"

firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_myservices="4711 80"
firewall_allowservices="any"
firewall_logdeny="YES"

ntpd_enable="YES"
ntpd_sync_on_start="YES"

I now want an additional ipfw rule that forwards connections on port 80 to port 8080.

On my Mac server I do this like this:

ipfw flush
ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in
ipfw add 100 fwd 127.0.0.1,8443 tcp from any to any 443 in

How can I configure ipfw on FreeBSD so that it takes care of those rules on startup? As you can see, I load firewall_type="workstation", which applies a set of default rules. How can I add my rules to this subset permanently?

Any ideas? Kind regards, Martin

marschro

2 Answers

1

Richard Smith gave me the hint (but it's written in the manual, too ;-)).

For those who want to add port forward rules, here is what I have done.

As I use the settings for "Workstation", I edited the section which begins with:

[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]

I added the following:

# Portforwarding
${fwcmd} add fwd 127.0.0.1,8080 tcp from any to any 80 in
echo "Consider tcp portforwarding from all on 80 to 8080"

That's all... Add whatever you want here...

Kind regards, Martin

marschro
0

The rules for firewall_type="workstation" are located in another file called:

/etc/rc.firewall

You can add your custom rules here. Alternatively, you could replace the rules file with a new file (for example: /etc/rc.firewall.local) and select it from /etc/rc.conf using:

firewall_script="/etc/rc.firewall.local"
Richard Smith
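One way to follow the firewall_script suggestion while keeping the stock workstation rules, as an added example that is not from either answer. It assumes the stock /etc/rc.firewall accepts the firewall type as its first argument and that rule number 450 is free and ahead of the stock allow and deny rules (check with `ipfw list`); the helper names are hypothetical. It matches `to me` instead of the question's `to any`, so only traffic addressed to this host is redirected.

```sh
#!/bin/sh
# /etc/rc.firewall.local: added example, not from the original answers.
# Select it with firewall_script="/etc/rc.firewall.local" in /etc/rc.conf.
# /etc/rc.firewall itself stays unmodified.

fwcmd="${fwcmd:-/sbin/ipfw -q}"   # set fwcmd=echo for a dry run
stock_script="/etc/rc.firewall"   # stock FreeBSD rules script
fwd_base=450                      # assumed free rule number; check `ipfw list`
forwards="80:8080 443:8443"       # public:local pairs from the question

# Succeeds only for a decimal TCP port in 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# add_forward NUM PUBLIC LOCAL: forward inbound TCP addressed to this host.
# "to me" is narrower than "to any": traffic that only passes through
# the machine is not redirected.
add_forward() {
    valid_port "$2" && valid_port "$3" || {
        echo "rc.firewall.local: bad port pair $2:$3" >&2
        return 1
    }
    ${fwcmd} add "$1" fwd "127.0.0.1,$3" tcp from any to me "$2" in
}

# Add every pair in $forwards, numbering rules upwards from $fwd_base.
add_all_forwards() {
    num=$fwd_base
    for pair in $forwards; do
        add_forward "$num" "${pair%%:*}" "${pair#*:}" || return 1
        num=$((num + 1))
    done
}

# Load the stock rules for the configured firewall_type, then the forwards.
main() {
    /bin/sh "$stock_script" "$1" || return 1
    add_all_forwards
}

# Run only under the installed file name, so the functions can be sourced
# and dry-run tested without touching the live ruleset.
if [ "${0##*/}" = "rc.firewall.local" ]; then
    main "$@"
fi
```

Sourcing the file from a shell with fwcmd=echo set and then calling add_all_forwards prints the rules instead of loading them.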