Date: Tue, 14 Aug 2001 23:06:21 -0500
From: "default - Subscriptions" <default013subscriptions@hotmail.com>
To: <freebsd-security@freebsd.org>, <freebsd-questions@freebsd.org>
Subject: Question about default IPFW Rules...
Message-ID: <OE35Fur2iz2Mb1s7nlT0000ba58@hotmail.com>

Hi,

Okay, I recently set up IPFW, and during the past 24 hours I have been tweaking and getting familiar with writing the rules... I have a question about this rule in the default rc.firewall script:

    # Allow any traffic to or from my own net
    ${fwcmd} add pass all from ${ip} to ${net}:${mask}
    ${fwcmd} add pass all from ${net}:${mask} to ${ip}

If one is on a cable/DSL connection like @home, wouldn't this rule supersede all other rules and let any traffic in from my I.P. address range? (given that example I.P. is 192.168.0.3, and netmask is 255.255.255.0)

I am concerned with this because I do have hackers in my range that have been trying to get in... Is there a better way to do this? Or would you guys suggest removing this rule completely? (I have not tried this yet...)

I am on an @home connection with two I.P. addresses bound to my NIC. They are both in the same range (ex. 192.168.0.3 and 192.168.0.4) ... the gateway is 192.168.0.1... I was thinking maybe I could limit this to traffic with my gateway and my own I.P. addresses, as I have provided other rules for things like DNS ...

Thanks,
Jordan
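
Added example, not part of the original message and not FreeBSD code: a simplified Python model of ipfw's first-match rule evaluation, applied to the two rc.firewall rules quoted above and to the narrowing the poster proposes. The neighbour address 192.168.0.77, the later telnet deny rule, and the default-deny final rule are assumptions made for illustration; the model matches only on addresses and destination port.

```python
import ipaddress

def rule(action, src, dst, dport=None):
    """One simplified rule: src/dst as an address, CIDR or 'any'; optional dst port."""
    net = lambda a: ipaddress.ip_network("0.0.0.0/0" if a == "any" else a)
    return (action, net(src), net(dst), dport)

def evaluate(rules, src, dst, dport):
    """Return the action of the first rule that matches, the way ipfw walks its list."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if s in rsrc and d in rdst and rport in (None, dport):
            return action
    return "deny"  # assumption: kernel whose final default rule is deny

# Addresses taken from the message
IP, ALIAS, GW, NET = "192.168.0.3", "192.168.0.4", "192.168.0.1", "192.168.0.0/24"
NEIGHBOUR = "192.168.0.77"  # constructed: another host on the same cable segment

# The two quoted rc.firewall rules, then a hypothetical later deny for telnet
DEFAULT_RULES = [
    rule("pass", IP, NET),
    rule("pass", NET, IP),
    rule("deny", "any", IP, dport=23),
]

# The poster's idea: only the gateway and the host's own two addresses
NARROWED_RULES = [
    rule("pass", IP, GW), rule("pass", GW, IP),
    rule("pass", IP, ALIAS), rule("pass", ALIAS, IP),
    rule("deny", "any", IP, dport=23),
]

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("narrowed", NARROWED_RULES)):
        for src in (NEIGHBOUR, GW, "10.1.2.3"):
            print(name, src, "-> port 23:", evaluate(rules, src, IP, 23))
```

With the quoted rules, the neighbour's packet is passed by the subnet rule before the later deny is ever consulted; with the narrowed list, the same packet falls through to the deny.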