Date: Mon, 17 Sep 2001 13:49:33 +0200 (CEST)
From: m p <sumirati@yahoo.de>
To: brainheap@chat.ru
Cc: freebsd-questions@freebsd.org
Subject: Re: tiny question configuring ipfw
Message-ID: <20010917114933.62086.qmail@web13307.mail.yahoo.com>
> Hi everybody!
>
> I've read in the ipfw man pages I can filter not only using ip-address but
> ports as well.
> Even though there's no example of such feature.
>
> I'm curious how to write a rule to deny ip to some ip-address except for
> a single port?
>
> Alex

Hi Alex,

I don't know how to write one rule to serve your purpose. However, I know 2 rules which will do it :)

    ipfw add allow log tcp from e.f.g.h to a.b.c.d 1 out via fxp0
    ipfw add deny log ip from any to any

a.b.c.d MAY be
- a single host (1.2.3.4)
- a network (1.2.3.0/24)
- a hostname (www.abc.com)

1 is the port number you want to have your clients access to.

e.f.g.h SHOULD be your IP address.

"out" was applied because you mentioned ".. to some ip-address except for ..", and replace the interface with the one over which the data goes out.

BUT: Take a look at /etc/rc.firewall. There are some very good hints against spoofing, and it gives you a general idea how to write a ruleSET. A single rule would not help you to protect your network properly.

Hope that helps

Marc
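As an added example (not part of Marc's mail or of FreeBSD's own rc.firewall), here is the two-rule idea turned into a small ordered ruleset: the loopback rules that rc.firewall starts with, a stateful allow for the one port, and the catch-all deny last, since ipfw stops at the first matching rule. The addresses, port and interface are constructed placeholders, and the script only echoes the commands unless IPFW is pointed at the real binary.

```shell
#!/bin/sh
# Added example, not from the original mail: the two-rule idea above built
# into a small ordered ruleset. IPFW defaults to "echo ipfw" so this is a
# dry run that prints the commands; set IPFW=/sbin/ipfw on a FreeBSD host
# to load them. Addresses, port and interface are constructed placeholders.
IPFW="${IPFW:-echo ipfw}"

# gen_rules <our_ip> <dst> <port> <iface>
# ipfw stops at the first matching rule, so the narrow allow must be
# numbered below the catch-all deny.
gen_rules() {
    me="$1"; dst="$2"; port="$3"; iface="$4"
    # loopback handling, as at the start of /etc/rc.firewall
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 deny ip from any to 127.0.0.0/8
    $IPFW add 300 deny ip from 127.0.0.0/8 to any
    # check-state/keep-state let the replies to our own connection back
    # in; without them the final deny also drops the return traffic
    $IPFW add 400 check-state
    $IPFW add 500 allow log tcp from "$me" to "$dst" "$port" out via "$iface" setup keep-state
    # everything else, in either direction, is logged and dropped
    $IPFW add 600 deny log ip from any to any
}

# rules_ordered <ruleset text>: succeeds only if the stateful allow rule
# carries a lower number than the catch-all deny
rules_ordered() {
    allow_no=$(printf '%s\n' "$1" | awk '$4=="allow" && /keep-state/ {print $3}')
    deny_no=$(printf '%s\n' "$1" | awk '$4=="deny" && /from any to any/ {print $3}')
    [ -n "$allow_no" ] && [ -n "$deny_no" ] && [ "$allow_no" -lt "$deny_no" ]
}

gen_rules 10.0.0.2 192.0.2.10 22 fxp0
```

Running it as-is prints the six ipfw commands in evaluation order; rules_ordered is the sanity check to run before loading a hand-edited variant.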