From owner-freebsd-questions Mon Jan 1 19: 9:59 2001
From owner-freebsd-questions@FreeBSD.ORG Mon Jan 1 19:09:57 2001
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.prod.itd.earthlink.net [207.217.121.85])
    by hub.freebsd.org (Postfix) with ESMTP id B57AA37B400
    for ; Mon, 1 Jan 2001 19:09:56 -0800 (PST)
Received: from bsdbox.gregory.earthlink.net (1Cust12.tnt1.warrenton.va.da.uu.net [63.20.81.12])
    by gull.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id TAA15660;
    Mon, 1 Jan 2001 19:09:27 -0800 (PST)
Date: Mon, 1 Jan 2001 22:09:26 -0500 (EST)
From: freebsduser
X-Sender: freebsduser@bsdbox.gregory.earthlink.net
To: Darren Henderson
Cc: Tommy Forrest - KE4PYM , "freebsd-questions@FreeBSD.ORG"
Subject: Re: Writing firewall rules
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Don't forget the port number or you won't get any traffic going across xl0

    ipfw add deny tcp from any to any 901 in via xl0

This rule should only block packets coming into xl0 from the outside and
destined for any address behind the firewall, port 901.

Take a look at /etc/rc.firewall (the simple section). These are to be used
as suggestions. There are quite a few good examples in this file as well as
some anti-spoofing rules.

Good Luck,
Scott

On Mon, 1 Jan 2001, Darren Henderson wrote:

> On Mon, 1 Jan 2001, Tommy Forrest - KE4PYM wrote:
>
> > So I tried to do a little writing of my own. Specifically, I want to
> > deny outside access (xl0) to port 901. So I tried:
> >
> > ipfw add 1099 deny tcp from xl0 to xl0 901
>
> ipfw add deny tcp from any to any via xl0
>
> or
>
> ipfw add deny tcp from any to any in via xl0
>
> ________________________________________________________________________
> Darren Henderson                              darren@bmv.state.me.us
>                                               darren.henderson@state.me.us
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
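
The difference between the rules in this thread comes down to whether a destination port follows the `to any` address. The following pre-flight check is an added example, not code from any of the posters or from FreeBSD; the function names `dst_ports` and `is_blanket_deny` are hypothetical, and the parser handles only the simple rule form quoted in the thread.

```shell
#!/bin/sh
# Print the destination port spec of an ipfw rule, or nothing if none is given.
# Assumed rule shape (the simple form used in the thread):
#   ipfw add [number] action proto from SRC [ports] to DST [ports] [in|out] [via IF]
dst_ports() (
    set -f                      # no glob expansion while word-splitting the rule
    set -- $1
    while [ $# -gt 0 ] && [ "$1" != "to" ]; do shift; done
    [ $# -ge 3 ] || exit 0      # nothing follows "to DST"
    case "$3" in
        # Partial list of ipfw option keywords that may follow DST directly
        in|out|via|recv|xmit|setup|established|frag) ;;
        *) printf '%s\n' "$3" ;;
    esac
)

# Succeed when a rule denies from any to any without naming a destination
# port, i.e. it matches every packet of that protocol the rule applies to.
is_blanket_deny() {
    case "$1" in
        *" deny "*" from any to any"*) [ -z "$(dst_ports "$1")" ] ;;
        *) return 1 ;;
    esac
}

# Rules quoted in the thread, checked before they would be loaded.
while IFS= read -r rule; do
    if is_blanket_deny "$rule"; then
        echo "NO PORT (denies all matching traffic): $rule"
    else
        echo "ok (port: $(dst_ports "$rule")): $rule"
    fi
done <<'EOF'
ipfw add 1099 deny tcp from xl0 to xl0 901
ipfw add deny tcp from any to any via xl0
ipfw add deny tcp from any to any in via xl0
ipfw add deny tcp from any to any 901 in via xl0
EOF
```
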