From owner-freebsd-security Thu Mar 30 13:30:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hydrant.intranova.net (hydrant.ncw.qc.ca [209.201.95.10]) by hub.freebsd.org (Postfix) with SMTP id 1B2E837B893 for ; Thu, 30 Mar 2000 13:30:21 -0800 (PST) (envelope-from oogali@intranova.net)
Received: (qmail 3958 invoked from network); 27 Mar 2000 23:50:20 -0000
Received: from localhost.abuselabs.com (HELO localhost) (missnglnk@127.0.0.1) by localhost.abuselabs.com with SMTP; 27 Mar 2000 23:50:20 -0000
Date: Mon, 27 Mar 2000 18:50:20 -0500 (EST)
From: Omachonu Ogali
To: Blake Matheny
Cc: freebsd-security@freebsd.org
Subject: Re: Firewall Rules
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Try:

ipfw add deny all from 192.168.2.1/24 to any

On Mon, 27 Mar 2000, Blake Matheny wrote:

> I have a standard dual homed firewall that has the following options
> compiled in the kernel:
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPDIVERT
> I added the following rule to my firewall rules list to disallow 1
> workstation from having access to the internet:
> ipfw add deny tcp from 192.168.2.1/24 to any setup
> ipfw add deny tcp from 192.168.2.1/24 to any
> This machine is running nat and routed. Although these rules are loaded as
> shown by ipfw list this machine still has access to the internet, is this
> a flaw in my syntax, implementation, or what? Thanks.
>
> Blake Matheny
> Network Engineer
> Bussert Consulting
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:        C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
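
Added example, not part of the original messages: a small Python model of ipfw's first-match evaluation, run over the rules quoted in this thread, to show what the protocol field and the `/24` mask length actually select. The rule numbers, the trailing allow rule, the `/32` variant, the assumption that 192.168.2.1 is the workstation, and the sample packets are all constructed; the model covers only protocol, source address and `setup`, and ignores destination, divert/NAT and interfaces.

```python
import ipaddress
from collections import namedtuple

# action: "deny"/"allow"; proto: "tcp", "udp", "icmp" or "all";
# src: "any" or addr/masklen as typed; setup: ipfw "setup" (TCP SYN set, ACK clear)
Rule = namedtuple("Rule", "number action proto src setup", defaults=(False,))

def matches(rule, pkt):
    if rule.proto != "all" and rule.proto != pkt["proto"]:
        return False
    if rule.setup and not pkt.get("syn_only", False):
        return False
    if rule.src == "any":
        return True
    # The mask length selects a network: 192.168.2.1/24 covers 192.168.2.0-255.
    net = ipaddress.ip_network(rule.src, strict=False)
    return ipaddress.ip_address(pkt["src"]) in net

def evaluate(rules, pkt):
    """Return (action, rule number) of the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action, rule.number
    return "deny", 65535  # nothing matched; this model denies by default

ALLOW_REST = Rule(65000, "allow", "all", "any")  # constructed catch-all rule
# Rules from the question (deny tcp only), with constructed rule numbers
QUESTION_RULES = [Rule(100, "deny", "tcp", "192.168.2.1/24", True),
                  Rule(200, "deny", "tcp", "192.168.2.1/24"), ALLOW_REST]
# Rule from the reply (deny all protocols)
REPLY_RULES = [Rule(100, "deny", "all", "192.168.2.1/24"), ALLOW_REST]
# Assumption: a /32 variant that names one host instead of the subnet
HOST_RULES = [Rule(100, "deny", "all", "192.168.2.1/32"), ALLOW_REST]

# Constructed sample packets
TCP_SYN = {"proto": "tcp", "src": "192.168.2.1", "syn_only": True}
UDP_DNS = {"proto": "udp", "src": "192.168.2.1"}
NEIGHBOUR = {"proto": "tcp", "src": "192.168.2.77", "syn_only": True}

if __name__ == "__main__":
    sets = [("question", QUESTION_RULES), ("reply", REPLY_RULES), ("host /32", HOST_RULES)]
    pkts = [("tcp syn", TCP_SYN), ("udp", UDP_DNS), ("neighbour tcp", NEIGHBOUR)]
    for name, rules in sets:
        for label, pkt in pkts:
            print(f"{name:9} {label:14} -> {evaluate(rules, pkt)}")
```

In this model the `deny tcp` rules leave UDP from the workstation to fall through to the allow rule, and any `/24` source also catches the neighbouring host 192.168.2.77.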