From owner-freebsd-questions  Tue Jul 10 13:55:10 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from blueyonder.co.uk (pcow024o.blueyonder.co.uk [195.188.53.126])
	by hub.freebsd.org (Postfix) with ESMTP id BBB9C37B401
	for <questions@freebsd.org>; Tue, 10 Jul 2001 13:55:06 -0700 (PDT)
	(envelope-from jfm@blueyonder.co.uk)
Received: from lexx.my.domain ([62.31.194.122]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Tue, 10 Jul 2001 21:55:03 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: David Hill <david@wmol.com>
Cc: lanithium@dingoblue.net.au, questions@FreeBSD.ORG
Subject: Re: ip blocking
Date: Tue, 10 Jul 2001 21:55:24 +0100
Organization: poor
Reply-To: jfm@blueyonder.co.uk
Message-ID: <64qmkt8ib8rfdubj3acm6hlcp8ugbtfcu4@4ax.com>
References: <000a01c10948$d98127a0$0200000a@lanithium.com> <20010710112324.4ce8283b.david@wmol.com>
In-Reply-To: <20010710112324.4ce8283b.david@wmol.com>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

David Hill <david@wmol.com> wrote:

>On Tue, 10 Jul 2001 22:01:41 +0800
>"Lanithium" <lanithium@dingoblue.net.au> wrote:
>
>> Hi,
>>=20
>> I'm currently using freebsd 4.2. this machine runs my network of 2 =
other computers thru ppp & nat. I was wondering if it was possible to =
block certain ips from being used on my network?
>>=20
>> For example, say if i wanted to stop people from going to the site =
www.freebsd.org [216.136.204.21] would it be possible to do this within =
nat or some other way ?
>>=20
>> thanks in advance.
>>=20
>> Matt.
>> lanithium@dingoblue.net.au
>>=20
>>=20
>
>I believe it's possible with ppp's filter lists...
>But I would suggest using IPF or IPFW for firewalling and NAT

Why? PPP always seemed to do a cleaner job of the NAT and Firewall
functions than trying to work with the extra complexity of IPFW and NAT.
(for occasional dial up)

YMMV.  Take a look at /usr/share/examples/ppp/ppp.conf.sample
and man(8) ppp of course.

John.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message