Date: Fri, 30 Mar 2001 16:40:15 -0600 (CST)
From: Nick Rogness
To: alexus
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: seperation of incoming and outgoing connection in firewall

On Fri, 30 Mar 2001, alexus wrote:

> and how is it separating incoming from outgoing?
> that's what i need to know

	ipfw add deny tcp from any to any 110 in via fxp0

Means that the firewall will only deny tcp connects to port 110
inbound to your fxp0 ethernet card. Packets outbound via fxp0 are
not denied because of the 'in via fxp0'. If you wanted to hit them
it would be 'out via fxp0'.

Not having the 'in/out via' statement means match any interface
inbound or outbound.

> > > > > in via x10
> > > > >
> > > > > that means what?
> > > >
> > > > Packets coming in via the interface xl0.
> >

Nick Rogness
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
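
The matching behaviour described in the reply above, as an added example that is not part of the original message and not ipfw's own code: a simplified Python model of how the optional 'in'/'out' and 'via IF' qualifiers narrow a rule. The `Rule` class, the function names, the sample packets and the "allow" fall-through are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str
    proto: str
    dst_port: Optional[int] = None   # None = any destination port
    direction: Optional[str] = None  # "in", "out", or None = either direction
    iface: Optional[str] = None      # None = any interface

def parse_rule(text: str) -> Rule:
    """Parse the subset '[ipfw add] ACTION PROTO from any to any [PORT] [in|out] [via IF]'."""
    tok = text.split()
    if tok[:2] == ["ipfw", "add"]:
        tok = tok[2:]
    if len(tok) < 6 or tok[2:6] != ["from", "any", "to", "any"]:
        raise ValueError("only 'from any to any' rules are modelled")
    rule, rest = Rule(tok[0], tok[1]), tok[6:]
    if rest and rest[0].isdigit():
        rule.dst_port = int(rest.pop(0))
    if rest and rest[0] in ("in", "out"):
        rule.direction = rest.pop(0)
    if len(rest) == 2 and rest[0] == "via":
        rule.iface, rest = rest[1], []
    if rest:
        raise ValueError(f"unsupported tokens: {rest}")
    return rule

def matches(rule: Rule, proto: str, dst_port: int, direction: str, iface: str) -> bool:
    """A qualifier left out of the rule (None) matches anything."""
    return (rule.proto == proto
            and rule.dst_port in (None, dst_port)
            and rule.direction in (None, direction)
            and rule.iface in (None, iface))

def verdict(rules, packet, default="allow"):
    """First matching rule wins; 'default' is an assumed fall-through for this demo."""
    for rule in rules:
        if matches(rule, *packet):
            return rule.action
    return default

if __name__ == "__main__":
    # Constructed sample packets: (proto, dst_port, direction, interface)
    packets = [("tcp", 110, "in", "fxp0"), ("tcp", 110, "out", "fxp0"), ("tcp", 110, "in", "xl0")]
    for text in ("ipfw add deny tcp from any to any 110 in via fxp0",
                 "ipfw add deny tcp from any to any 110 out via fxp0",
                 "ipfw add deny tcp from any to any 110"):
        print(text, "->", [verdict([parse_rule(text)], p) for p in packets])
```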