From owner-freebsd-current Mon Mar 18 00:14:41 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA06774 for current-outgoing; Mon, 18 Mar 1996 00:14:41 -0800 (PST) Received: from tfs.com (tfs.com [140.145.250.1]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA06769 for ; Mon, 18 Mar 1996 00:14:39 -0800 (PST) Received: from critter.tfs.com by tfs.com (smail3.1.28.1) with SMTP id m0tya5K-0003w1C; Mon, 18 Mar 96 00:14 PST Received: from localhost.tfs.com (localhost.tfs.com [127.0.0.1]) by critter.tfs.com (8.6.12/8.6.12) with SMTP id HAA07211; Mon, 18 Mar 1996 07:03:34 GMT X-Authentication-Warning: critter.tfs.com: Host localhost.tfs.com didn't use HELO protocol To: Mark Murray cc: current@freebsd.org Subject: Re: Firewall setup... In-reply-to: Your message of "Mon, 18 Mar 1996 08:23:29 +0200." <199603180623.IAA03506@grumble.grondar.za> Date: Mon, 18 Mar 1996 07:03:33 +0000 Message-ID: <7209.827132613@critter.tfs.com> From: Poul-Henning Kamp Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > It is however not that clear how to do the last bit. I would like > to zap spoofing - > > > 01350 accept all from any to 196.7.18.0/24 via tun0 > > 01350 accept all from 196.7.18.0/24 to any via tun0 > > If my firewall machine has 2 interfaces - tun0=196.7.18.65 > and ed0=196.7.18.129 with a netmask of 0xfffffff0, how do I prevent > packets claiming to be from 196.7.18/24 from coming into tun0? > The above 2 lines are necessary for me to communicate with the world. 01355 deny all from 196.7.18/24 to any in via tun0 ^^ If it doesn't work, yell. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.