Date: Wed, 18 Sep 1996 23:18:04 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: adam@veda.is (Adam David) Cc: avalon@coombs.anu.edu.au, freebsd-hackers@freebsd.org Subject: Re: IPFW !IP# Message-ID: <199609181318.GAA07562@freefall.freebsd.org> In-Reply-To: <199609181249.MAA11928@veda.is> from "Adam David" at Sep 18, 96 12:49:31 pm
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Adam David, sie said: > > > > # ipfw add deny all from !${my_network}:${my_netmask} to any out via ${gate_if} > > > # ipfw add deny all from any to !${my_network}:${my_netmask} in via ${gate_if} > > > > > > This set of 2 rules would otherwise take 48 rules to enforce for a class C > > > network with a single domain gateway, for instance. > > > > This is just rule writing. > > > > HOw about: > > > > # ipfw add pass all from ${my_network}:${my_netmask} to any out via ${gate_if} > > # ipfw add pass all from any to ${my_network}:${my_netmask} in via ${gate_if} > > # ipfw add deny all from any to any out via ${gate_if} > > # ipfw add deny all from any to any in via ${gate_if} > > > > Darren > > How would you further restrict access to services which match either of these > first 2 rules? This is getting back to 1st principals... Put the rule before the case which I want to create an exception for.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609181318.GAA07562>