From: Jason Hunt
To: Charles Swiger
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 04 Mar 2005 15:13:18 -0600
Subject: Re: Quick Firewall Question

Chuck,

Thanks for your quick response. What I really need to do is to block
specific ports on my outside interface NIC. In fact, I need to keep the
2nd NIC, which is internal, open to those ports.

> From: Charles Swiger
> Date: Fri, 4 Mar 2005 16:09:17 -0500
> To: Jason Hunt
> Cc:
> Subject: Re: Quick Firewall Question
>
> On Mar 4, 2005, at 4:01 PM, Jason Hunt wrote:
>> Greetings,
>>
>> I have a machine that I need to quickly block outside access to (just
>> internal access from 2nd NIC). Are there any quick examples of how I
>> can add a rule to specifically block a port on specific IP?
>
> ipfw add 100 deny tcp from 1.2.3.4 any to 192.168.1.2 11
>
> This will block connections from IP 1.2.3.4 to your host's port 11,
> assuming your local IP was 192.168.1.2
>
> --
> -Chuck
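
Added example, not part of the original thread: one way to express the follow-up requirement (deny given ports on the outside NIC only, leave the internal NIC open) is to match on the receiving interface with "in recv". The interface name fxp0, the starting rule number and the port list are assumptions, and the "me" keyword requires ipfw2.

```shell
#!/bin/sh
# Added example (not from the thread): generate ipfw rules that deny inbound
# TCP to the listed ports only when the packet arrives on the outside NIC.

# gen_block_rules OUTSIDE_IF START_RULE PORT...
# Prints one "ipfw add" command per port, numbering rules in steps of 10.
# Returns 1 and prints nothing on stdout if any argument is invalid.
gen_block_rules() {
    oif=$1; rule=$2; shift 2
    # Reject anything that is not a plain interface name or number, so the
    # generated text can be piped to sh without surprises.
    case $oif in ''|*[!A-Za-z0-9_.]*) echo "bad interface: $oif" >&2; return 1;; esac
    case $rule in ''|*[!0-9]*) echo "bad rule number: $rule" >&2; return 1;; esac
    [ $# -gt 0 ] || { echo "no ports given" >&2; return 1; }
    # Validate every port before emitting anything (no partial rule sets).
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # "in recv IF" matches only packets received on that interface, so
        # traffic entering through the internal NIC never hits this rule.
        # "me" matches any address configured on this host.
        echo "ipfw add $rule deny tcp from any to me $port in recv $oif"
        rule=$((rule + 10))
    done
}

# Constructed sample: outside NIC fxp0 (assumed name), rules from 100,
# ports 11 and 23. Review the printed commands before running them as root.
gen_block_rules fxp0 100 11 23
```

The rule numbers must be lower than any existing rule that allows the same traffic, because ipfw stops at the first matching rule.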