Date:      Wed, 30 Dec 1998 00:35:23 -0800
From:      "Brian Gallucci" <brian@briang.org>
To:        "FreeBSD" <freebsd-questions@FreeBSD.ORG>
Subject:   IPFW
Message-ID:  <000401be33cf$58126540$2800a8c0@brian-desktop.briang.org>

I'm running FreeBSD 2.2.7 with IPFW and NATD support and I need to block
access to our network. Would I ALLOW it and then add a DENY line?
Like so ->

$fwcmd -f flush
$fwcmd add divert 6668 all from any to any via fxp0
#
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny log all from any to 127.0.0.0/8
#
$fwcmd add pass tcp from any to any established
$fwcmd add allow tcp from any to any 25
$fwcmd add allow tcp from any to any 53
$fwcmd add allow udp from any to any 53
$fwcmd add allow tcp from any to any 80
$fwcmd add allow tcp from any to any 113
#
$fwcmd add deny log tcp from any to any
$fwcmd add deny log udp from any to any
$fwcmd add deny log tcp from 24.0.0.0/8 to any

If I try to use port 5500 to access another network I get an error message:
deny < $fwcmd add deny log tcp from any to any >
Why is this? I have the established set.


Thanks
-Brian
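
The ruleset above, modelled as an added example (not part of the original message and not FreeBSD code): ipfw stops at the first rule that matches, and `established` matches only TCP segments with the ACK or RST bit set, so the opening SYN of a new connection to port 5500 falls through to the first `deny log tcp` rule. The divert and loopback rules are omitted, the sample addresses are constructed, and the final default deny is an assumption.

```python
import ipaddress

# Constructed model of the posted rules, in order:
# (action, proto, source network, destination port or None, established-only)
RULES = [
    ("pass",  "tcp", "0.0.0.0/0",  None, True),   # pass tcp ... established
    ("allow", "tcp", "0.0.0.0/0",  25,   False),
    ("allow", "tcp", "0.0.0.0/0",  53,   False),
    ("allow", "udp", "0.0.0.0/0",  53,   False),
    ("allow", "tcp", "0.0.0.0/0",  80,   False),
    ("allow", "tcp", "0.0.0.0/0",  113,  False),
    ("deny",  "tcp", "0.0.0.0/0",  None, False),  # deny log tcp from any to any
    ("deny",  "udp", "0.0.0.0/0",  None, False),
    ("deny",  "tcp", "24.0.0.0/8", None, False),  # never reached for TCP
]

def matches(rule, pkt):
    action, proto, src_net, dst_port, est = rule
    if proto != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src_net):
        return False
    if dst_port is not None and pkt["dport"] != dst_port:
        return False
    # 'established' matches only TCP segments carrying ACK or RST
    if est and not ({"ACK", "RST"} & pkt.get("flags", set())):
        return False
    return True

def evaluate(pkt, rules=RULES):
    """Return (index, action) of the first matching rule (first match wins)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i, rule[0]
    return None, "deny"  # assumption: the kernel's default rule is deny

if __name__ == "__main__":
    samples = {  # constructed packets
        "new connection to 5500 (SYN)": {"proto": "tcp", "src": "192.168.0.10", "dport": 5500, "flags": {"SYN"}},
        "later segment to 5500 (ACK)":  {"proto": "tcp", "src": "192.168.0.10", "dport": 5500, "flags": {"ACK"}},
        "24.1.2.3 to port 80 (SYN)":    {"proto": "tcp", "src": "24.1.2.3", "dport": 80, "flags": {"SYN"}},
        "24.1.2.3 to port 5500 (SYN)":  {"proto": "tcp", "src": "24.1.2.3", "dport": 5500, "flags": {"SYN"}},
    }
    for name, pkt in samples.items():
        print(name, "->", evaluate(pkt))
```

The third sample shows the other ordering effect in this ruleset: a host in 24.0.0.0/8 is accepted on port 80 by the earlier `allow` rule, and the 24.0.0.0/8 deny at the end is never the rule that decides a TCP packet.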

