From owner-freebsd-doc  Tue Feb 20 12:23:28 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4C70537B491; Tue, 20 Feb 2001 12:23:24 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.1/8.11.1) with ESMTP id f1KKNWx94829;
	Tue, 20 Feb 2001 21:23:32 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: security@freebsd.org, doc@freebsd.org
Subject: ipfw examples...
From: Poul-Henning Kamp <phk@freebsd.org>
Date: Tue, 20 Feb 2001 21:23:32 +0100
Message-ID: <94827.982700612@critter>
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


The 
	ipfw deny tcp from any to me 23
                                  ^^

functionality is now present in both -current and -stable.  I think a
number of our ipfw examples, including rc.firewall might need a minor
revision in the light of this change.

In particular it has been pointed out to me, that it is now much
easier to firewall machines which get dynamic IP numbers from
DHCP or PPP or similar.

Consider this a gentle poke to look at this area...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message