From: Kal Torak
Date: Sat, 02 Dec 2000 16:23:51 +1100
To: Nicole
Cc: freebsd-isp@freebsd.org
Subject: Re: client firewall with 2 ethernet ports
Message-ID: <3A288767.A893C761@quake.com.au>

Nicole wrote:
>
> Greetings
> I have what is perhaps a silly question, but I am unsure what the best way is
> to set up client level firewall rules in rc.firewall when the server has 2
> ethernet ports.
> One port is used as the connection to the network.
> The second port is used as a 192.168 type of network providing a secure
> backend connection between servers for NFS and the like.
>
> How do I set up rules that apply to one port and not the other?
> Would I use a modified form of the simple rules?
>
> Any clues appreciated!
>
> Thanks!
>
> Nicole

Hiya,

You can use the "via interface" command...
E.g.

    deny ip from any to any via dc0

That will block outgoing and incoming on that interface; to only stop one
you can use "in via interface" or "out via interface". You can also replace
via with recv or xmit... but that confuses me and does the same thing anyway.

Hope this is of some help :)

Kal.
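
A per-interface ruleset built from the "via", "in via" and "out via" forms mentioned in the reply, as an added example that is not part of the original thread. The backend interface name dc1, the 192.168.0.0/16 subnet and the public ports are assumptions; by default the script only prints the ipfw commands instead of loading them.

```shell
#!/bin/sh
# Added example: ipfw rules for a host with one public and one backend NIC.
# All values below are assumptions except dc0, which is the name used in the reply.
PUB_IF="${PUB_IF:-dc0}"                  # public interface
PRIV_IF="${PRIV_IF:-dc1}"                # backend interface (assumed name)
PRIV_NET="${PRIV_NET:-192.168.0.0/16}"   # backend subnet (assumed)
PUB_TCP_PORTS="${PUB_TCP_PORTS:-22,80}"  # services offered publicly (assumed)
IPFW="${IPFW:-echo ipfw}"                # dry run; set IPFW=/sbin/ipfw to load

build_rules() {
    $IPFW -q -f flush

    # Loopback is always trusted.
    $IPFW add 100 allow ip from any to any via lo0

    # Backend NIC: "via" matches both directions. Only backend-to-backend
    # traffic (NFS and the like) is accepted; anything else is logged and dropped.
    $IPFW add 200 allow ip from "$PRIV_NET" to "$PRIV_NET" via "$PRIV_IF"
    $IPFW add 210 deny log ip from any to any via "$PRIV_IF"

    # Public NIC: backend addresses must never arrive from, or leak to,
    # the outside. "in via" / "out via" restrict each rule to one direction.
    $IPFW add 300 deny log ip from "$PRIV_NET" to any in via "$PUB_IF"
    $IPFW add 310 deny log ip from any to "$PRIV_NET" out via "$PUB_IF"

    # Public NIC: stateful rules. check-state passes packets that belong
    # to a session created by one of the keep-state rules below.
    $IPFW add 400 check-state
    $IPFW add 410 allow tcp from any to me "$PUB_TCP_PORTS" in via "$PUB_IF" setup keep-state
    $IPFW add 420 allow tcp from me to any out via "$PUB_IF" setup keep-state
    $IPFW add 430 allow udp from me to any out via "$PUB_IF" keep-state

    # Unreachable / time-exceeded ICMP, needed for path MTU discovery.
    $IPFW add 440 allow icmp from any to any in via "$PUB_IF" icmptypes 3,11

    # Explicit final deny so rejected packets are logged.
    $IPFW add 65000 deny log ip from any to any
}

build_rules
```

Review the printed rules first, and load them from the console rather than over the network, since the flush drops existing rules before the new ones are in place.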