From owner-freebsd-security Thu May 10 2:22:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id D615137B423 for ; Thu, 10 May 2001 02:22:18 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id LAA64668; Thu, 10 May 2001 11:22:16 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Michael Sharp Cc: FreeBSD-security@FreeBSD.ORG Subject: Re: ipfw References: <20010509201853.6521.cpmta@c000.sfo.cp.net> From: Dag-Erling Smorgrav Date: 10 May 2001 11:22:14 +0200 In-Reply-To: <20010509201853.6521.cpmta@c000.sfo.cp.net> Message-ID: Lines: 16 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Michael Sharp writes: > But I need to block port 113, and allow 1 machine to get to port > 113. HAVING to add ipfw add allow ip from any to any gets process > before I would allow my 1 machine to port 113, thus allowing every > machine to port 113 How about this: go read the ipfw(8) from top to bottom, paying particular attention to the EXAMPLES section; then browse /etc/rc.firewall. Having read this material, if you still don't understand how ipfw works, feel free to ask questions on the -questions mailing list. The -security list is for security issues, not for "can't be bothered to read the docs" issues. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message