Date: Fri, 14 Jun 2002 14:50:40 +0300 (EEST)
From: Alexander V Zubchenko <stalker@hermes-comp.zp.ua>
To: =?koi8-r?B?6czY0SD7ydDJw8nO?= <ilia@academy.urc.ac.ru>
Cc: <questions@FreeBSD.ORG>
Subject: Re: ipfw: outgoing connections only
Message-ID: <20020614144544.V1381-100000@server.hermes-comp.zp.ua>
In-Reply-To: <20020614173014.X42286-100000@sol.chel.skbkontur.ru>

Greetings!

On Fri, 14 Jun 2002, Илья Шипицин wrote:

> for example, I want to allow incoming tcp/udp connections to certain
> ports, i.e. tcp1..tcpN, udp1...udpN. And I want to allow any outgoing
> connection from that machine.
>
> I'm not sure about ipfw rules, any advice ?

Look at the ipfw(8) man page for details. You can add something like:

    ipfw add allow tcp from any to me <ports-spec> in via <iface> \
        keep-state
    # To allow incoming for specific ports
    ipfw add allow ip from me to any out via <iface>

(to allow any outgoing connections).

port-spec is port|port-port|port:mask|<port-spec>,<port-spec>...

As I already said, look at the manpage. There is enough info, imho.
Keep-state creates dynamic rules to bypass this connection. Lifetime is
controlled by sysctl variables.

Hope this helps.

Alexander V Zubchenko,	E-Mail: stalker@hermes-comp.zp.ua
System Administrator,	WWW: http://www.hermes-comp.zp.ua/
Hermes-comp, Ukraine, Zaporizhzhya, Geroev Stalingrada 50
phone/fax: +380 612 64-19-72
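
A fuller ruleset along the lines of the reply above, as an added example that is not part of the original message: the function prints (it does not apply) the ipfw commands for a given interface and port lists. The interface name em0, the sample ports, the rule numbers, and the check-state, setup, keep-state-on-outgoing and final deny rules are assumptions, not taken from the thread.

```sh
#!/bin/sh
# Added example: print an ipfw ruleset for "listed inbound ports, any outbound".
# Constructed values: em0, the port lists and the rule numbers are assumptions.

# gen_rules IFACE TCP_PORTS UDP_PORTS
# Port lists use the port and port-port forms, comma separated (no port:mask).
gen_rules() {
    iface=$1; tcp_ports=$2; udp_ports=$3

    # Accept only a plain interface name and digit/comma/hyphen port lists,
    # so the printed commands are safe to hand to a shell.
    case $iface in
        ''|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $tcp_ports$udp_ports in
        *[!0-9,-]*) echo "bad port list" >&2; return 1 ;;
    esac

    # Loopback traffic is always allowed.
    echo "ipfw add 100 allow ip from any to any via lo0"
    # Packets belonging to a flow that already has a dynamic rule pass here.
    echo "ipfw add 200 check-state"
    # Inbound: only the listed ports; a TCP flow must start with a SYN (setup).
    if [ -n "$tcp_ports" ]; then
        echo "ipfw add 300 allow tcp from any to me $tcp_ports in via $iface setup keep-state"
    fi
    if [ -n "$udp_ports" ]; then
        echo "ipfw add 310 allow udp from any to me $udp_ports in via $iface keep-state"
    fi
    # Outbound: anything, with keep-state so the replies match rule 200.
    echo "ipfw add 400 allow ip from me to any out via $iface keep-state"
    # Everything else is dropped, whatever the kernel's default rule is.
    echo "ipfw add 65000 deny ip from any to any"
}

# Sample run with constructed values: SSH and HTTP over TCP, DNS over UDP.
gen_rules em0 22,80 53
```

With a final deny rule, the keep-state on the outgoing rule is what lets reply packets back in; the lifetime of those dynamic rules is set by the sysctl variables the reply mentions.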