ipfw gateway

On top of spaghetti..

Previously I posted some simple ipfw rules, and this is where it excels. When things get more complicated though, list based rules start being convoluted. This is my home server firewall which amongst other things provides traffic shaping for the wired and wireless network and transparent proxy of http traffic.

For those who have programmed in BASIC, this probably looks familiar and back in those days people called it spaghetti code, with all the GOTO statements.

There are a few other parts that you need configured for all of this to work, but you can get those instructions from the FreeBSD handbook and other sources. This is simply an example of what you can do and it is commented. You can grab my current script from here.

This is also a good example of when one should consider other tools. In this case PF firewall (also part of FreeBSD) could probably be used to make things like nat and traffic shapping rules simpler. One should always keep an open mind toward trying out other solutions and learning new things. So doing this in PF would be a fun project.

Fun!?! Yeah fun :) This was evident at Aizatto's 21st, which became a FOSS meetup, where if you put people like aizatto, angch, ditesh and lotso in a room, somebody will eventually whip out a laptop to show off some code.