From: Charles Swiger
Date: Fri, 4 Mar 2005 16:22:02 -0500
To: Jason Hunt
cc: freebsd-ipfw@freebsd.org
Subject: Re: Quick Firewall Question

On Mar 4, 2005, at 4:13 PM, Jason Hunt wrote:
> Thanks for your quick response. What I really need to do is to block
> specific ports on my outside interface NIC. In fact, I need to keep
> the 2nd NIC which is internal open to those ports.

OK. You'd get better examples if you gave a little more information, such as the name or IP addr of this outside interface, by the way, but:

  ipfw add 110 deny tcp from any to me 11 in via fxp0

This would block any remote connection to port 11 coming in via the fxp0 interface. Replace "fxp0" with your external NIC, and consider replacing "me" with the IP addr of your outside interface...

--
-Chuck
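
The rule above covers one port; the following is an added example (not part of the original message) that emits the same rule shape for several ports on the outside interface, printing the commands for review instead of running them. The function name gen_deny_rules, the variable OUTSIDE_IF, the rule-number step and the sample port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print one ipfw deny rule per TCP port for an outside NIC.
# Nothing is passed to ipfw here; the output is meant to be reviewed first.
# gen_deny_rules, OUTSIDE_IF and the sample ports are hypothetical.

gen_deny_rules() {
    iface=$1      # outside NIC, e.g. fxp0
    rulenum=$2    # first rule number to use
    step=$3       # gap between consecutive rule numbers
    shift 3

    # Accept only lowercase letters and digits in the interface name so
    # nothing unexpected ends up inside the generated command line.
    case $iface in
        ''|*[!a-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    for port in "$@"; do
        # Reject anything that is not a decimal port in 1..65535.
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        # Same shape as the rule in the message: "in via <iface>" limits the
        # match to packets arriving on the outside NIC, so connections that
        # arrive on the internal NIC never match these deny rules.
        echo "ipfw add $rulenum deny tcp from any to me $port in via $iface"
        rulenum=$((rulenum + step))
    done
}

# Constructed sample input: outside interface fxp0, ports 11, 111 and 2049.
OUTSIDE_IF=fxp0
gen_deny_rules "$OUTSIDE_IF" 110 10 11 111 2049
```

The first line printed for the sample input is the rule from the message itself; the remaining lines continue at rule numbers 120 and 130.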