Date: Sun, 10 May 1998 20:45:26 GMT
From: mike@sentex.net (Mike Tancsa)
To: capriotti@geocities.com (Capriotti)
Cc: questions@FreeBSD.ORG
Subject: Re: IPFW Rules
Message-ID: <35560f9c.335533641@mail.sentex.net>
In-Reply-To: <3.0.32.19980510143332.0092ea30@pop.mpc.com.br>
References: <3.0.32.19980510143332.0092ea30@pop.mpc.com.br>

On Sun, 10 May 1998 14:52:04 -0300, in sentex.lists.freebsd.questions you wrote:

>I am trying to setup IPFW rules to match my needs, but, so far, all the
>documentation, handbooks, and searches using fbsd's archives were not very
>helpful; I still can't understand how to setup rules.

The sample in /etc/rc.firewall is very comprehensive.. Here are some samples...

e.g. to stop spoofing, assuming your outside interface is fxp0 and your internal network is 192.168.100.0/24, the command below would stop spoofed packets

/sbin/ipfw add 1100 deny log all from 192.168.100.0:255.255.255.0 to any in via fxp0

To stop ICMP Echo

/sbin/ipfw add 2000 deny log icmp from any to 199.212.134.0/24 in recv fxp0 icmptype 0,8

To stop mail from a SPAMMER's class C (Harris Marketing)

ipfw add 3001 unreach filter-prohib log tcp from 208.26.102.0:255.255.255.0 to any 25 in recv fxp0

If you are experimenting for the first time, do it on the console, as the wrong command can lock out network access...

---Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
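
Added example, not part of the original message: a small Python model of how the three rules above are checked in rule-number order against inbound packets, so their effect can be reviewed before typing them on a live console. The packet dictionaries, the inside interface name fxp1 and the host addresses are constructed for illustration; only the matching fields used in the message are modelled.

```python
import ipaddress

def net(spec):
    """Parse ipfw's 'addr:mask' form, CIDR 'addr/bits', or 'any' (returns None)."""
    if spec == "any":
        return None
    return ipaddress.ip_network(spec.replace(":", "/"), strict=False)

# The three rules from the message, in rule-number order.
RULES = [
    dict(num=1100, action="deny", proto="all", iface="fxp0",
         src=net("192.168.100.0:255.255.255.0"), dst=net("any")),
    dict(num=2000, action="deny", proto="icmp", iface="fxp0",
         src=net("any"), dst=net("199.212.134.0/24"), icmptypes={0, 8}),
    dict(num=3001, action="unreach filter-prohib", proto="tcp", iface="fxp0",
         src=net("208.26.102.0:255.255.255.0"), dst=net("any"), dport=25),
]

def first_match(pkt):
    """Return (rule number, action) of the first matching rule, or None.

    None means none of these three rules matched; what happens next depends
    on the rest of the ruleset, which this model does not cover.
    """
    for r in RULES:
        # All three rules only apply to packets coming in on the named interface.
        if pkt["dir"] != "in" or pkt["iface"] != r["iface"]:
            continue
        if r["proto"] not in ("all", pkt["proto"]):
            continue
        if r["src"] and ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if r["dst"] and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if "icmptypes" in r and pkt.get("icmptype") not in r["icmptypes"]:
            continue
        if "dport" in r and pkt.get("dport") != r["dport"]:
            continue
        return r["num"], r["action"]
    return None

def pkt(iface, proto, src, dst, **extra):
    """Build a constructed inbound test packet."""
    return dict(dir="in", iface=iface, proto=proto, src=src, dst=dst, **extra)

if __name__ == "__main__":
    for p in (pkt("fxp0", "udp", "192.168.100.7", "199.212.134.10"),
              pkt("fxp1", "udp", "192.168.100.7", "199.212.134.10"),
              pkt("fxp0", "icmp", "10.1.2.3", "199.212.134.10", icmptype=8),
              pkt("fxp0", "tcp", "208.26.102.5", "199.212.134.10", dport=25)):
        print(p["iface"], p["proto"], p["src"], "->", first_match(p))
```
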