From: "William J. Borskey"
To: security@freebsd.org
Subject: ipfw
Date: Sat, 04 May 2002 20:36:52 -0700

Is it possible to write rules for ipfw using Ethernet addresses instead of IP addresses?

ipfw -q -f flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00220 deny log ip to me 22 from any in
ipfw -q add 00100 allow ip from any to any
ipfw -q add 00225 deny log tcp from any to any in tcpflags syn,fin
ipfw -q add 00230 check-state
ipfw -q add 00235 deny tcp from any to any in established
ipfw -q add 00240 allow ip from any to any out keep-state
ipfw -q add 00250 deny tcp from any to any 6000
ipfw -q add 00900 deny log ip from any to any

And is this OK to block everything except ssh?
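
Added example (not part of the original post): a small Python check of rule ordering for the commands in the message, assuming that ipfw evaluates rules in ascending rule-number order, keeps rules with equal numbers in the order they were added, and stops at the first matching allow or deny. The function names are hypothetical, and the check looks only at ordering, not at full ipfw packet matching.

```python
# Added example: find rules that can never be reached because an earlier
# rule unconditionally allows or denies every packet. Ordering model only.

# The commands from the post, copied verbatim.
RULESET = """\
ipfw -q -f flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00220 deny log ip to me 22 from any in
ipfw -q add 00100 allow ip from any to any
ipfw -q add 00225 deny log tcp from any to any in tcpflags syn,fin
ipfw -q add 00230 check-state
ipfw -q add 00235 deny tcp from any to any in established
ipfw -q add 00240 allow ip from any to any out keep-state
ipfw -q add 00250 deny tcp from any to any 6000
ipfw -q add 00900 deny log ip from any to any
"""

# Actions that end rule evaluation for a matching packet (ipfw aliases).
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop"}
MATCH_ALL = (["ip", "from", "any", "to", "any"],
             ["all", "from", "any", "to", "any"])

def parse(text):
    """Return (number, action, body) per 'add' command, in evaluation order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if "add" not in tok:
            continue  # e.g. the flush command
        tok = tok[tok.index("add") + 1:]
        number, action, body = int(tok[0]), tok[1], tok[2:]
        if body and body[0] == "log":
            body = body[1:]  # 'log' modifies the action, not the match
        rules.append((number, action, body))
    # sorted() is stable: equal numbers keep the order they were added in.
    return sorted(rules, key=lambda r: r[0])

def shadowed(text):
    """Return ((number, action) of first match-all rule, [unreachable numbers])."""
    rules = parse(text)
    for i, (number, action, body) in enumerate(rules):
        if action in TERMINAL and body in MATCH_ALL:
            return (number, action), [n for n, _, _ in rules[i + 1:]]
    return None, []

if __name__ == "__main__":
    first, dead = shadowed(RULESET)
    print("first match-all rule:", first)
    print("rules never evaluated:", dead)
```
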