From: krad
To: Frank Bonnet
Cc: "freebsd-questions@freebsd.org"
Date: Wed, 12 Jan 2011 15:01:01 +0000
In-Reply-To: <4D2DBF12.3050809@esiee.fr>
Subject: Re: protect a single interface with IPFW ?

On 12 January 2011 14:47, Frank Bonnet wrote:

> Hello
>
> is it possible to protect a single interface with IPFW
> my server has only one interface and I want to
> allow only SSH LDAP LDAPS
>
> thanks for any examples
>

something like this

add pass all from any to any via lo0
add pass tcp from w.x.y.z to any 22 in via $int keep-state
add pass tcp from w.x.y.z to any 389 in via $int keep-state
add deny ip from any to any

or for pf (better in my opinion)

table const { hosta, hostb, ... }
table const { hosta, hostb, ... }
set skip on lo0
block any from any
pass in quick proto tcp from to any port ssh synproxy state
pass in quick proto tcp from to any port ldap synproxy state
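
An added example, not part of krad's message: a small sh function that prints an ipfw ruleset of the kind sketched above, generalized to several source hosts and extended with the LDAPS port (636) from the question and an explicit check-state rule. The interface name, the 192.0.2.x addresses and the gen_rules/emit helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): print an ipfw ruleset for a
# single-interface host that admits only SSH, LDAP and LDAPS from named hosts.
# Assumptions: the interface name and the 192.0.2.x addresses are constructed
# placeholders (RFC 5737 documentation range); gen_rules/emit are hypothetical.

# gen_rules IFACE HOST...  -> one ipfw command per line on stdout
gen_rules() {
    iface=$1
    [ $# -ge 2 ] || { echo "usage: gen_rules iface host..." >&2; return 1; }
    shift
    # Validate everything before printing, so a bad argument never yields a
    # half-written ruleset and never reaches a shell as a command.
    case $iface in *[!A-Za-z0-9_.]*|'') echo "bad interface: $iface" >&2; return 1 ;; esac
    for h in "$@"; do
        case $h in *[!0-9A-Fa-f.:/]*|'') echo "bad host: $h" >&2; return 1 ;; esac
    done

    n=100
    emit() { echo "ipfw -q add $n $*"; n=$((n + 100)); }

    echo "ipfw -q -f flush"
    emit allow ip from any to any via lo0
    # Packets of already admitted connections match their dynamic rule here.
    emit check-state
    for h in "$@"; do
        # 22 = SSH, 389 = LDAP, 636 = LDAPS; keep-state admits the replies.
        emit allow tcp from "$h" to me 22,389,636 in via "$iface" keep-state
    done
    # Everything else is dropped, including traffic the host itself initiates
    # (DNS, NTP); such traffic would need its own rules.
    emit deny ip from any to any
}

# Constructed sample run when no arguments are given.
[ $# -gt 0 ] || set -- em0 192.0.2.10 192.0.2.11
gen_rules "$@"
```

Read the printed commands before piping them to sh as root: the flush removes whatever rules were loaded, and a session from an address not in the host list is cut off at the final deny.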