Date:      Wed, 9 Jan 2002 13:06:33 +0100
From:      "Heimes, Rene" <rh@com-con.net>
To:        <freebsd-questions@freebsd.org>
Subject:   AW: firewalling with ipfw
Message-ID:  <F54B610C5BFDE546BBA2F6CC595ACC75084A0B@exchange2000>

>> so there is no possibility of grouping ip's that should match a special
>> ruleset, if they cannot be treated as a "subnet"?
>> can i perform this action with ipf? can someone point me to a good HOWTO
>> for that?
>>

>IP Filter also can't do it for you. Probably you should tell us your task,
>because I can't understand really needs of such Firewall feature.

OK, let's try...
There is one half Class-C Network (out of 16 others....)
There are several groups of servers and workstations with different
inbound/outbound rulesets:
- Webservers
- Application Servers
- Full Access Workstations
- Restricted Access Workstations and finally
- No Access Workstations

Each group matches to non-coherent IP-Addresses.

Right now, because I wrote each ruleset for almost every single IP,
there is a 70k large rc.firewall file that affects system throughput
heavily.

That's my problem - understandable now? How can I make this file
smaller? How can I aggregate rulesets and IPs???

TIA

René

