Date: Tue, 9 Apr 2002 14:07:56 -0500 From: "Mire, John" <jmire@lsuhsc.edu> To: "'cravey@hal-pc.org'" <cravey@hal-pc.org>, "Mire, John" <jmire@lsuhsc.edu> Cc: freebsd-questions@freebsd.org Subject: RE: ipfw config to only allow gif tunnels. Message-ID: <DAC809EAC7E4594AA0696EF512F6ABF10AA7388E@sh-exch>
I guess I'm missing something, because the gif interfaces have to exist either by cloning or by creating them, and I use a similar rule to allow gif interface traffic to traverse my firewall regardless of the IP addresses associated with them. Without it the gif (ipip) traffic gets blocked.

The other thing to do is use the protocol number:

ipip    94  IPIP    # Yet Another IP encapsulation
encap   98  ENCAP   # Yet Another IP encapsulation

I'm betting on 94 and would write the rule something like:

ipfw add 00122 allow 94 from a.b.c.d to me
ipfw add 00124 allow 94 from me to a.b.c.d

You could even add granularity by specifying the interface, etc...

-----Original Message-----
From: cravey@hal-pc.org [mailto:cravey@hal-pc.org]
Sent: Tuesday, April 09, 2002 1:46 PM
To: jmire@lsuhsc.edu
Cc: freebsd-questions@freebsd.org
Subject: RE: ipfw config to only allow gif tunnels.

Sorry, that doesn't seem to work unless you're trying to firewall the traffic coming down the tunnel with the tunnel already established. Any other suggestions?

Thanks.
-Stephen

> try something like:
>
> ipfw add 00122 allow ip from a.b.c.d to me via gif0
> ipfw add 00124 allow ip from me to a.b.c.d via gif0
>
> --
> John Mire: jmire@lsuhsc.edu    Network Administration
> 318-675-5434    LSU Health Sciences Center - Shreveport
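The two approaches in the thread (match on the tunnel interface vs. match on the encapsulation protocol number) are complementary, and the following is an added example that is not code posted by either John or Stephen. It generates a complete ipfw rule set for a gif(4) tunnel: FreeBSD's gif(4) wraps IPv4 payloads in IP protocol 4 (the "ipencap" entry in /etc/protocols) and IPv6 payloads in protocol 41, and a rule keyed on "via gif0" only sees a packet after the kernel has decapsulated it, so the outer packets need their own rules on the physical interface or the tunnel never comes up. The interface names, endpoint addresses and inner network (em0, 198.51.100.1, 203.0.113.2, gif0, 10.0.0.0/24) are assumptions for illustration, and the /etc/protocols excerpt is a constructed, abridged copy so the lookup runs offline.

```shell
#!/bin/sh
# Added example for the thread above; not code posted by John or Stephen.
# Emits an ipfw rule set for a gif(4) IPv4-in-IPv4 tunnel.
#
# gif(4) carries IPv4 payloads in IP protocol 4 (ipencap, IP-in-IP) and
# IPv6 payloads in protocol 41.  Rules that match "via gif0" see a packet
# only after decapsulation; the outer packets arrive on the physical
# interface and must be allowed there by protocol number.
#
# Assumed names (illustration only): outer interface em0, local endpoint
# 198.51.100.1, remote endpoint 203.0.113.2, tunnel gif0, inner 10.0.0.0/24.

# Constructed, abridged excerpt of FreeBSD's /etc/protocols so the lookup
# below runs offline; the real file has the same columns.
PROTOCOLS_SAMPLE='ip      0   IP        # internet protocol, pseudo protocol number
ipencap 4   IP-ENCAP  # IP encapsulated in IP
ipv6    41  IPV6      # ipv6
ipip    94  IPIP      # Yet Another IP encapsulation
encap   98  ENCAP     # Yet Another IP encapsulation'

# proto_number NAME: print the IP protocol number for NAME, nothing if unknown.
proto_number() {
    printf '%s\n' "$PROTOCOLS_SAMPLE" | awk -v n="$1" '$1 == n { print $2; exit }'
}

# gif_tunnel_rules OUTER_IF LOCAL_IP REMOTE_IP TUNNEL_IF INNER_NET
# Prints rules in the format ipfw(8) reads from a file (no leading "ipfw").
gif_tunnel_rules() {
    outer_if=$1; local_ip=$2; remote_ip=$3; tun_if=$4; inner_net=$5
    encap=$(proto_number ipencap)   # resolves to 4
    cat <<EOF
# Outer packets: only the configured peer may exchange IP-in-IP with us.
add 00120 allow $encap from $remote_ip to $local_ip in recv $outer_if
add 00121 allow $encap from $local_ip to $remote_ip out xmit $outer_if
# Any other IP-in-IP or IPv6-in-IPv4 is an unexpected tunnel attempt.
add 00122 deny log $encap from any to any
add 00123 deny log 41 from any to any
# Inner packets, seen on $tun_if only after decapsulation.
add 00130 allow ip from $inner_net to any via $tun_if
add 00131 allow ip from any to $inner_net via $tun_if
add 00132 deny log ip from any to any via $tun_if
EOF
}

# Usage: print the rule set; save it to a file and load it with "ipfw -q FILE".
gif_tunnel_rules em0 198.51.100.1 203.0.113.2 gif0 10.0.0.0/24
```

To confirm the outer rules are the ones doing the work, bring the tunnel up and watch the per-rule counters with `ipfw -a list`: rules 00120/00121 should count the encapsulated packets while 00130/00131 count the decapsulated inner traffic. `tcpdump -ni em0 'ip proto 4'` on the outer interface shows the same packets before ipfw ever sees them as gif0 traffic.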