From owner-freebsd-newbies@FreeBSD.ORG Wed Mar 23 08:07:46 2005 Return-Path: Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BF7A16A4CE for ; Wed, 23 Mar 2005 08:07:46 +0000 (GMT) Received: from mail.kompass.by (mail.kompass.by [213.184.241.49]) by mx1.FreeBSD.org (Postfix) with ESMTP id 21C9043D6B for ; Wed, 23 Mar 2005 08:07:45 +0000 (GMT) (envelope-from vkhramtsov@kompass.by) Received: from mail.kompass.by (localhost.kompass.by [127.0.0.1]) by mail.kompass.by (Postfix) with ESMTP id 2F85A14D for ; Wed, 23 Mar 2005 10:07:34 +0200 (EET) Received: from admin.kompass_office (admin.kompass_office [10.10.0.1]) by mail.kompass.by (Postfix) with ESMTP id B534D14C for ; Wed, 23 Mar 2005 10:07:33 +0200 (EET) Date: Wed, 23 Mar 2005 10:07:30 +0200 From: "Vladimir V. Khramtsov" X-Mailer: The Bat! (v3.0.2.5) Professional Organization: Kompass Belarus X-Priority: 3 (Normal) Message-ID: <11010035087.20050323100730@kompass.by> To: freebsd-newbies@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AV-Checked: ClamAV using ClamSMTP Subject: ipfw2 X-BeenThere: freebsd-newbies@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Vladimir V. Khramtsov" List-Id: Gathering place for new users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Mar 2005 08:07:46 -0000 Hello, I would like to recompile my system with ipfw2 default to deny. I have local net behind of my freebsd, and I want to pass all packets from this subnet to Internet, except netbios (135-139 udp and tcp). So I think firewall rule can be like this add allow tcp from xxx.xxx.xxx.xxx/24 to any "{not 135-139}" (and one more for udp). Is it rule correct? P.S. I have to maintain default to deny firewall. -- Best regards, Vladimir