Date: Thu, 30 Sep 2004 01:14:52 -0700
From: Roisin Murphy
To: freebsd-questions@freebsd.org
Subject: filtering aliasIP from the primaryIP with IPF

Hi,

My FreeBSD machine is 192.168.1.34 with one jail running on 192.168.1.35 (dc0_alias), and I have one more separate win2k box: 192.168.1.33. I want to filter that jail with ipf, so that it cannot access anything running on that win2k machine and anything bound to the primary fbsd IP, but I still want to be able to ssh into that .35 jail.

Filtering the win2k box worked as expected:

pass in quick on dc0 proto tcp from 192.168.1.33 to 192.168.1.35 port = 22 flags S keep state
block out quick on dc0 proto tcp/udp from 192.168.1.35 to 192.168.1.33 keep state keep frags

But that primary fbsd IP, since it's the same dc0 interface, I don't know how to write that rule... anyone?

Thanks