Date: Tue, 11 Jan 2000 00:18:21 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: The Hermit Hacker <scrappy@hub.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: using ipfw to filter according to IP ...
Message-ID: <20000111001821.B82892@hades.hell.gr>
In-Reply-To: <Pine.BSF.4.21.0001090355500.18498-100000@thelab.hub.org>
References: <Pine.BSF.4.21.0001090355500.18498-100000@thelab.hub.org>

On Sun, Jan 09, 2000 at 03:56:52AM -0400, The Hermit Hacker wrote:
>
> Bad subject...but, if I have a machine with two IPs assigned to an
> interface, can I use ipfw to limit incoming connections such that
> only IP-2 can accept connections on port X?

What you're asking, rephrased somehow, is if ipfw can do filtering
based on the source / destination IP [ which is usually different in
each interface of a machine, as you pointed out ].

Well, from man ipfw(8) we can see that ipfw filters based on the
source and/or destination IP address, the incoming and/or outgoing
interface, etc.

If your machine has two interfaces A and B with addresses, say...
127.0.0.1 for interface iface0, and 10.0.0.1 for interface iface1,
then the rules below might prove handy to you:

	allow tcp from any to any in recv iface0 setup
	allow tcp from any to any established

This allows incoming TCP connections only from iface0 but once
established, the connection can send/get data to/from any interface.

If I misunderstood what you're trying to do, you are always welcome to
gracefully ignore me ;)

Ciao.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
"What we have to learn to do, we learn by doing." [Aristotle]
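
The message above notes that ipfw(8) matches on destination address as well as on interface. The following added example (not part of the original message) prints rules that let only one of a host's addresses accept new TCP connections on a port; 10.0.0.1, 10.0.0.2 and port 25 are constructed sample values, and port_only_on, valid_ipv4 and valid_port are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not from the original message. It only prints ipfw commands;
# review them, then pipe to sh as root. Addresses and port are constructed.

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for a decimal port in 1-65535
valid_port() {
    case $1 in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# port_only_on SERVICE_IP PORT OTHER_IP...
# Print rules that accept new TCP connections to PORT on SERVICE_IP and refuse
# them on every OTHER_IP of the same host. Prints nothing if any input is bad.
port_only_on() {
    [ $# -ge 3 ] || return 1
    svc=$1 port=$2
    shift 2
    valid_ipv4 "$svc" && valid_port "$port" || return 1
    for ip in "$@"; do
        valid_ipv4 "$ip" || return 1
        [ "$ip" != "$svc" ] || return 1   # would contradict the allow rule
    done
    echo "ipfw add allow tcp from any to $svc $port in setup"
    for ip in "$@"; do
        echo "ipfw add deny tcp from any to $ip $port in setup"
    done
    echo "ipfw add allow tcp from any to any established"
}

# Sample run: only 10.0.0.2 accepts new connections on port 25.
port_only_on 10.0.0.2 25 10.0.0.1
```

All arguments are validated before the first rule is printed, so a mistyped address produces no output rather than a partial ruleset.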