Date: Wed, 18 Sep 1996 23:18:04 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: adam@veda.is (Adam David) Cc: avalon@coombs.anu.edu.au, freebsd-hackers@freebsd.org Subject: Re: IPFW !IP# Message-ID: <199609181318.GAA07562@freefall.freebsd.org> In-Reply-To: <199609181249.MAA11928@veda.is> from "Adam David" at Sep 18, 96 12:49:31 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Adam David, sie said:
>
> > > # ipfw add deny all from !${my_network}:${my_netmask} to any out via ${gate_if}
> > > # ipfw add deny all from any to !${my_network}:${my_netmask} in via ${gate_if}
> > >
> > > This set of 2 rules would otherwise take 48 rules to enforce for a class C
> > > network with a single domain gateway, for instance.
> >
> > This is just rule writing.
> >
> > HOw about:
> >
> > # ipfw add pass all from ${my_network}:${my_netmask} to any out via ${gate_if}
> > # ipfw add pass all from any to ${my_network}:${my_netmask} in via ${gate_if}
> > # ipfw add deny all from any to any out via ${gate_if}
> > # ipfw add deny all from any to any in via ${gate_if}
> >
> > Darren
>
> How would you further restrict access to services which match either of these
> first 2 rules?
This is getting back to 1st principals...
Put the rule before the case which I want to create an exception for.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609181318.GAA07562>