Date: Sat, 18 Nov 2000 11:34:39 +0100
From: Manuel Enrique Garcia Cuesta <megarcia@intercom.es>
To: Eirik Apeland <eapeland@c2i.net>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw question
Message-ID: <20001118113439.A581@ilex.kicelo.org>
In-Reply-To: <20001117223144.LASX22986.fep01-svc.swip.net@tng>
References: <20001117223144.LASX22986.fep01-svc.swip.net@tng>
Eirik,
=== Eirik Apeland wrote
(Fri, Nov 17, 2000 at 11:34:09PM +0100):
>
> Hi.
>
> I'm running a "simple" firewall with the rc.firewall script, and have
> added a few lines of my own to it.
>
> I have a dial-up connection to my ISP, so I can't use a "real"
> IP for my ISDN card.
>
> Anyone know how to implement the IP I'm getting from my ISP
> into my ipfw rules?
Unless somebody shows up with a better idea, I think your
best chance is using the interface name instead of the external IP
address (whenever it's involved) in your rules. Your success will
probably depend on what exactly you want to achieve, though.
>
> ex.
>
> # set these to your outside interface network and netmask and ip
> oif="isp0"
> onet="0.0.0.0"
> omask="255.255.255.0"
> oip="0.0.0.1"
>
> # set these to your inside interface network and netmask and ip
> iif="xl0"
> inet="10.0.0.0"
> imask="255.255.255.0"
> iip="10.0.0.10"
>
>
> # Stop spoofing
> ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
>
> This rule will be all wrong as it is today.
In my personal case I have commented out this rule; I trust
nobody in the internal network (namely: me) will pretend to have an IP
address other than the ones the administrator (namely: me) has
assigned.
>
> Hope you understand what I'm after here :)
Hope this helps
>
> Regards
> Eirik
>
>
Manuel Garcia
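
Added example (not part of the original message, and not the stock rc.firewall): a sketch of the interface-name approach suggested in the reply, reusing the oif/iif/inet/imask values from the quoted question. The port-25 rule is an illustrative service choice standing in for any rule that would otherwise name ${oip}, and fwcmd defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Dry run by default: each rule is printed instead of loaded.
# Set fwcmd=/sbin/ipfw in the environment to load the rules for real.
fwcmd="${fwcmd:-echo ipfw}"

# Values taken from the quoted question.
oif="isp0"              # outside (ISDN) interface; its address changes per call
iif="xl0"               # inside interface (unused below, kept for reference)
inet="10.0.0.0"
imask="255.255.255.0"

emit_rules() {
    # Anti-spoofing that needs no outside address: nothing arriving on the
    # outside interface may claim a source address from the inside network.
    ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}

    # Replies to connections that are already established.
    ${fwcmd} add pass tcp from any to any established

    # Inbound service, matched by arrival interface instead of "to ${oip}".
    # Port 25 is an assumption made for this example.
    ${fwcmd} add pass tcp from any to any 25 in via ${oif} setup

    # Reject and log every other connection attempt coming from outside.
    ${fwcmd} add deny log tcp from any to any in via ${oif} setup

    # Connections opened from the inside or from the firewall itself.
    ${fwcmd} add pass tcp from any to any setup
}

emit_rules
```

None of these rules reference oip, onet or omask, so they stay valid whichever address the ISP hands out on the next call.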
