From owner-freebsd-ipfw@FreeBSD.ORG  Sun Oct 23 16:05:47 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 79D6A16A41F
	for <freebsd-ipfw@freebsd.org>; Sun, 23 Oct 2005 16:05:47 +0000 (GMT)
	(envelope-from WD@US-Webmasters.com)
Received: from usw2.natel.net (2b.bz [209.152.117.190])
	by mx1.FreeBSD.org (Postfix) with SMTP id EB48B43D49
	for <freebsd-ipfw@freebsd.org>; Sun, 23 Oct 2005 16:05:46 +0000 (GMT)
	(envelope-from WD@US-Webmasters.com)
Received: (qmail 53224 invoked from network); 23 Oct 2005 16:05:45 -0000
Received: from batv-01-192.dsl.netins.net (HELO Htebazile.US-Webmasters.com)
	(207.199.193.192)
	by us-webmasters.com with SMTP; 23 Oct 2005 16:05:45 -0000
Message-Id: <5.1.0.14.2.20051023110150.020a7b80@209.152.117.178>
X-Sender: wd@209.152.117.178
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 23 Oct 2005 11:04:58 -0500
To: freebsd-ipfw@freebsd.org
From: "W. D." <WD@US-Webmasters.com>
In-Reply-To: <4358FCE7.5040803@foxchat.net>
References: <4358899F.1090505@roamingsolutions.net>
	<435849B9.8040509@foxchat.net>
	<4358899F.1090505@roamingsolutions.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Daemon <daemon@foxchat.net>
Subject: Re: ipfw firewall help
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Oct 2005 16:05:47 -0000

At 09:36 10/21/2005, Daemon, wrote:
>Great!.  Thanks.  One possibly stupid question.  What is the "Deny
>Spoof"?  Is that like;
># Stop spoofing of your internal network range
>#       ${fwcmd} add deny ip from ${iif} to any in via ${oif}
># Stop spoofing from inside your private ip range
>#       ${fwcmd} add deny ip from not ${iif} to any in via ${iif}


Hey Daemon,

Your rules snippet looks great!  I really like the way you
have commented the lines.  When you have debugged your=20
firewall, would you please post the entire set here?  That way,
newbies can understand better how the firewall works.  I=20
haven't seen too many examples like this.

Thanks!

Start Here to Find It Fast!=99 ->=
 http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/