Date: Mon, 06 Jan 1997 19:47:15 -0600
From: Alex Nash <nash@mcs.com>
To: Brandon Gillespie <brandon@cold.org>
Cc: security@freebsd.org
Subject: Re: FreeBSD as a cleanwall
Message-ID: <32D1AB23.167EB0E7@mcs.com>
References: <Pine.NEB.3.95.970106143712.23715A-100000@cold.org>

[hackers removed]
Brandon Gillespie wrote:
>
> Does anybody have a configuration for packet filtering through a FreeBSD
> router to run a cleanwall? Basically to keep all addresses of a specific
> IP set (say a class C) on the right sides. I.e. only set addresses of
> that set leave the network and don't allow any addresses of that set onto
> the network? I'm mulling through the docs now, but figured to look here
> for any possible pointers, as this seems like it would be a common enough
> operation..
If I understand you correctly, I think what you want is this
extract from /etc/rc.firewall:
############
# This is a prototype setup for a simple firewall. Configure this machine
# as a named server and ntp server, and point all the machines on the inside
# at this machine for those services.
############
# set these to your outside interface network and netmask and ip
oif="ed0"
onet="192.168.4.0"
omask="255.255.255.0"
oip="192.168.4.17"
# set these to your inside interface network and netmask and ip
iif="ed1"
inet="192.168.3.0"
imask="255.255.255.0"
iip="192.168.3.17"
# Stop spoofing
/sbin/ipfw add deny all from ${inet}:${imask} to any in via ${oif}
/sbin/ipfw add deny all from ${onet}:${omask} to any in via ${iif}
Alex
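
[Added example, not part of the original message or of rc.firewall] The script below walks the two "Stop spoofing" rules from the extract over a few constructed packets, using the same interface and network values. The function names (ip2int, in_net, verdict) and the sample packets are made up for illustration.

```shell
#!/bin/sh
# Added illustration: evaluates the two "Stop spoofing" rules against a
# packet's source address and receiving interface. Not part of rc.firewall.

# Values copied from the extract above.
oif="ed0"; onet="192.168.4.0"; omask="255.255.255.0"
iif="ed1"; inet="192.168.3.0"; imask="255.255.255.0"

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR NET MASK: succeed when ADDR & MASK == NET & MASK,
# which is how the addr:mask form is matched.
in_net() {
    a=$(ip2int "$1"); n=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# verdict SRC RECV_IF: print "deny" when one of the two rules matches,
# otherwise "pass" (meaning evaluation continues with later rules).
verdict() {
    src=$1; recv_if=$2
    # deny all from ${inet}:${imask} to any in via ${oif}
    if [ "$recv_if" = "$oif" ] && in_net "$src" "$inet" "$imask"; then
        echo deny; return
    fi
    # deny all from ${onet}:${omask} to any in via ${iif}
    if [ "$recv_if" = "$iif" ] && in_net "$src" "$onet" "$omask"; then
        echo deny; return
    fi
    echo pass
}

# Constructed sample packets: source address and receiving interface.
for pkt in "192.168.3.50 ed0" "192.168.3.50 ed1" "192.168.4.9 ed1" \
           "10.1.2.3 ed1" "10.1.2.3 ed0"; do
    set -- $pkt
    printf '%-14s in via %s -> %s\n' "$1" "$2" "$(verdict "$1" "$2")"
done
```

A source outside both networks (10.1.2.3 here) arriving on ed1 gets "pass" from these two rules, so whether it is filtered depends on the rules that follow them in the ruleset.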
