From owner-freebsd-ipfw@FreeBSD.ORG  Fri Mar  4 21:13:23 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9104816A503
	for <freebsd-ipfw@freebsd.org>; Fri,  4 Mar 2005 21:13:23 +0000 (GMT)
Received: from hermes.niicommunications.com (hermes.niicommunications.com
	[207.207.35.34])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 009F443D48
	for <freebsd-ipfw@freebsd.org>; Fri,  4 Mar 2005 21:13:23 +0000 (GMT)
	(envelope-from jhunt@akula.org)
Received: from ASSP-nii (localhost.niicommunications.com [127.0.0.1])
	id j24LDJti042365;	Fri, 4 Mar 2005 15:13:20 -0600 (CST)
Received: from 207.207.35.35 ([207.207.35.35] helo=[192.168.2.5]) by
  ASSP-nii ;  4 Mar 05 21:13:19 -0000
User-Agent: Microsoft-Entourage/11.0.0.040405
Date: Fri, 04 Mar 2005 15:13:18 -0600
From: Jason Hunt <jhunt@akula.org>
To: Charles Swiger <cswiger@mac.com>
Message-ID: <BE4E2B8E.1E104%jhunt@akula.org>
In-Reply-To: <4e2234d5eae49964babe6b525612473a@mac.com>
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
cc: freebsd-ipfw@freebsd.org
Subject: Re: Quick Firewall Question
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2005 21:13:23 -0000

Chuck,

Thanks for your quick response.  What I really need to do is to block
specific ports on my outside interface NIC.  In fact, I need to keep the 2nd
NIC which is internal open to those ports.



> From: Charles Swiger <cswiger@mac.com>
> Date: Fri, 4 Mar 2005 16:09:17 -0500
> To: Jason Hunt <jhunt@akula.org>
> Cc: <freebsd-ipfw@freebsd.org>
> Subject: Re: Quick Firewall Question
> 
> On Mar 4, 2005, at 4:01 PM, Jason Hunt wrote:
>> Greetings,
>> 
>> I have a machine that I need to quickly block outside access to (just
>> internal access from 2nd NIC).  Is there any quick examples of how I
>> can add
>> a rule to specifically block a port on specific IP?
> 
> ipfw add 100 deny tcp from 1.2.3.4 any to 192.168.1.2 11
> 
> This will block connections from IP 1.2.3.4 to your host's port 11,
> assuming your local IP was 192.168.1.2
> 
> -- 
> -Chuck
> 
>