From owner-freebsd-questions Thu Feb 27 08:05:54 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA04060 for questions-outgoing; Thu, 27 Feb 1997 08:05:54 -0800 (PST)
Received: from cold.org (cold.org [206.81.134.103]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA04048 for ; Thu, 27 Feb 1997 08:05:48 -0800 (PST)
Received: from localhost (brandon@localhost) by cold.org (8.8.5/8.8.3) with SMTP id JAA05196; Thu, 27 Feb 1997 09:05:59 -0700 (MST)
Date: Thu, 27 Feb 1997 09:05:59 -0700 (MST)
From: Brandon Gillespie
To: "Jonathan M. Bresler"
cc: freebsd-questions@freebsd.org
Subject: Re: ipfw rules problems (NOT operator?)
In-Reply-To: <199702270024.QAA14443@freefall.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> then write those rules and do not write an "allow all from
> ${onet}:${omask} to any" rule.
>
> how about telling us what effect you want? for instance
> allow telnet from the inside to ___, but no incoming telnet
> connections. allow pasv ftp. don't allow any icmp. etc...

I did :b  But I'll do again:

              Cleanwall            Firewall
                  :                   |
   Internet =>    :   => Localnet =>  |  => Securenet
                  :     206.81.134.0  |     192.168.1.0
                  :                   |

I want the Firewall (FreeBSD) to _only_ allow telnet, dns and lp/lpr (npp?) from the outside in--furthermore I want it to ONLY allow tcp packets from 206.81.134.0.  Same goes for the inside out, except for with the appropriate address (of course).  The cleanwall is set up to keep IP spoofing from occurring, so this gives a double wall effect I feel comfortable with..

-Brandon Gillespie
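A ruleset implementing the policy stated in the message above, added here as an example; it is not code from the thread or from any of its participants. It is written in the style of the FreeBSD 2.2-era /etc/rc.firewall that the quoted `${onet}:${omask}` notation comes from. The interface names ed0 (Localnet side) and ed1 (Securenet side) and the variable names are assumptions, since the message does not name them; it also assumes a kernel built with IPFIREWALL, whose built-in rule 65535 denies whatever no earlier rule matched. Because ipfw keeps no connection state, reply packets of a permitted TCP connection need their own rule, which is what the `established` rules do, while `setup` restricts the allow rules to the initial SYN. Ordinary DNS lookups travel over UDP/53, so that one UDP exception is allowed in both directions; everything else, ICMP included, falls through to deny.

```shell
#!/bin/sh
# Added example ruleset for the policy in the message (not from the thread).
# Assumptions not stated in the message: outside (cleanwall side) interface
# is ed0, inside (securenet side) interface is ed1, kernel built with
# IPFIREWALL so rule 65535 denies anything no earlier rule matched.

fwcmd="${fwcmd:-/sbin/ipfw}"   # set fwcmd=echo to preview instead of applying

oif="ed0"                      # assumed: interface facing Localnet
onet="206.81.134.0"; omask="255.255.255.0"
iif="ed1"                      # assumed: interface facing Securenet
inet="192.168.1.0";  imask="255.255.255.0"

ipfw_rules() {
    ${fwcmd} -f flush

    # Anti-spoofing on this box as well as on the cleanwall: an inside
    # address must never arrive on the outside interface, and vice versa.
    ${fwcmd} add 100 deny all from ${inet}:${imask} to any in via ${oif}
    ${fwcmd} add 110 deny all from ${onet}:${omask} to any in via ${iif}

    # Segments of a TCP connection already set up, in either direction.
    # ipfw has no state table, so replies need their own rule; "established"
    # matches segments carrying ACK or RST.
    ${fwcmd} add 200 allow tcp from ${onet}:${omask} to ${inet}:${imask} established
    ${fwcmd} add 210 allow tcp from ${inet}:${imask} to ${onet}:${omask} established

    # New connections (SYN only, matched by "setup") for telnet (23),
    # DNS (53) and lpr (515), outside-in and inside-out, and only
    # between the two adjacent networks.
    ${fwcmd} add 300 allow tcp from ${onet}:${omask} to ${inet}:${imask} 23 setup
    ${fwcmd} add 310 allow tcp from ${onet}:${omask} to ${inet}:${imask} 53 setup
    ${fwcmd} add 320 allow tcp from ${onet}:${omask} to ${inet}:${imask} 515 setup
    ${fwcmd} add 330 allow tcp from ${inet}:${imask} to ${onet}:${omask} 23 setup
    ${fwcmd} add 340 allow tcp from ${inet}:${imask} to ${onet}:${omask} 53 setup
    ${fwcmd} add 350 allow tcp from ${inet}:${imask} to ${onet}:${omask} 515 setup

    # Ordinary DNS lookups are UDP/53, so "tcp only" would silently break
    # name resolution; this is the one UDP exception, queries and replies.
    ${fwcmd} add 400 allow udp from ${onet}:${omask} to ${inet}:${imask} 53
    ${fwcmd} add 410 allow udp from ${inet}:${imask} 53 to ${onet}:${omask}
    ${fwcmd} add 420 allow udp from ${inet}:${imask} to ${onet}:${omask} 53
    ${fwcmd} add 430 allow udp from ${onet}:${omask} 53 to ${inet}:${imask}

    # Everything else, including all ICMP, is dropped.  Rule 65535 would do
    # this anyway; writing it out keeps the policy visible in "ipfw list".
    ${fwcmd} add 65000 deny all from any to any
}

# Apply with "sh fw.sh apply"; preview with "fwcmd=echo sh fw.sh apply".
if [ "${1:-}" = apply ]; then
    ipfw_rules
fi
```

Note that the rules never say "allow all from ${onet}:${omask} to any" and never use the `not` operator: each permitted service is named explicitly and everything unnamed falls through to the final deny, which is the pattern the earlier reply in this thread asks for. Previewing with `fwcmd=echo` prints the rule list without touching the kernel, which is worth doing before applying it over a telnet session that the new rules might themselves cut off.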