Date: Tue, 11 Jan 2000 00:18:21 +0200
From: Giorgos Keramidas
To: The Hermit Hacker
Cc: freebsd-questions@freebsd.org
Subject: Re: using ipfw to filter according to IP ...
Message-ID: <20000111001821.B82892@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr

On Sun, Jan 09, 2000 at 03:56:52AM -0400, The Hermit Hacker wrote:
>
> Bad subject...but, if I have a machine with two IPs assigned to an
> interface, can I use ipfw to limit incoming connections such that
> only IP-2 can accept connections on port X?

What you're asking, rephrased somehow, is if ipfw can do filtering
based on the source / destination IP [ which is usually different in
each interface of a machine, as you pointed out ].

Well, from man ipfw(8) we can see that ipfw filters based on the
source and/or destination IP address, the incoming and/or outgoing
interface, etc.

If your machine has two interfaces A and B with addresses, say...
127.0.0.1 for interface iface0, and 10.0.0.1 for interface iface1,
then the rules below might prove handy to you:

    allow tcp from any to any in recv iface0 setup
    allow tcp from any to any established

This allows incoming TCP connections only from iface0 but once
established, the connection can send/get data to/from any interface.

If I misunderstood what you're trying to do, you are always welcome to
gracefully ignore me ;)

Ciao.

--
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
"What we have to learn to do, we learn by doing." [Aristotle]
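
An added example, not part of the original message: a simplified Python model of ipfw's first-match evaluation, comparing the two rules from the reply with a variant that matches on destination address, for the case in the question where two IPs share one interface. The addresses 192.0.2.1 and 192.0.2.2, port 8080 standing in for "port X", and a final default-deny rule are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # one inbound TCP segment (constructed sample data)
    dst: str                       # destination IP address
    dport: int                     # destination TCP port
    recv_if: str                   # interface the segment arrived on
    syn: bool = False
    ack: bool = False
    rst: bool = False

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    dst: Optional[str] = None      # None means "any"
    dport: Optional[int] = None    # None means any port
    recv_if: Optional[str] = None  # models "in recv <iface>"
    setup: bool = False            # ipfw "setup": SYN set, ACK clear
    established: bool = False      # ipfw "established": ACK or RST set

    def matches(self, p: Packet) -> bool:
        return ((self.dst is None or p.dst == self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (self.recv_if is None or p.recv_if == self.recv_if)
                and (not self.setup or (p.syn and not p.ack))
                and (not self.established or (p.ack or p.rst)))

def verdict(rules, p, default="deny"):
    """First matching rule wins; otherwise the assumed default-deny rule applies."""
    return next((r.action for r in rules if r.matches(p)), default)

IP1, IP2, PORT_X = "192.0.2.1", "192.0.2.2", 8080   # assumed sample values

# The rules from the reply:
#   allow tcp from any to any in recv iface0 setup
#   allow tcp from any to any established
BY_INTERFACE = [Rule("allow", recv_if="iface0", setup=True),
                Rule("allow", established=True)]

# Destination-address variant for two IPs on the same interface:
#   allow tcp from any to 192.0.2.2 8080 setup
#   allow tcp from any to any established
BY_ADDRESS = [Rule("allow", dst=IP2, dport=PORT_X, setup=True),
              Rule("allow", established=True)]

SYN_TO_IP1 = Packet(IP1, PORT_X, "iface0", syn=True)
SYN_TO_IP2 = Packet(IP2, PORT_X, "iface0", syn=True)

if __name__ == "__main__":
    for name, rules in (("by interface", BY_INTERFACE), ("by address", BY_ADDRESS)):
        print(name, verdict(rules, SYN_TO_IP1), verdict(rules, SYN_TO_IP2))
```

Both addresses arrive on iface0, so the interface rule admits a new connection to either one, while the address rule admits it only to the second.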