Date: Fri, 28 Dec 2001 23:52:31 +0100
From: "Maxlor" <mail@maxlor.com>
To: <security@freebsd.org>
Subject: RE: ipfw by MAC
Message-ID: <NDBBKGBBKDPDNFIFCJEJIEIHCLAA.mail@maxlor.com>
In-Reply-To: <20011228114927.A43549@ke7hc.net>

> eliminated or automated, I'd like to do so. I suppose that tying the
> firewall rules to the MAC address would be one way of doing that, but
> since that isn't supported, I'm curious if anyone has come up with a
> different way of doing it.

Couldn't such a behaviour be achieved by using the NIC name in your rules,
and the magical "me" keyword? E.g.: I have my firewall configured such that
it allows port 80 connections to it from the inside, but disallows them from
the outside (dc0 is my outside NIC, ed0 is my inside NIC)

    ...
    ipfw add 10000 allow tcp from any to me 80 via ed0
    ...
    ipfw add 60000 deny ip from any to any

Also, the "in" and "out" keywords can help shaping the traffic the way you
want.

Have a lot of fun,
Maxlor
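
The interface-based approach from the message above, written out with the "in" and "out" keywords, as an added example that is not part of the original e-mail. The function name web_rules, the fwcmd variable, rule number 10100 and the "established" reply rule are assumptions of this example; ed0, dc0 and rules 10000 and 60000 follow the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# fwcmd defaults to a dry run that only prints the commands;
# set fwcmd=/sbin/ipfw in the environment to load them for real.
fwcmd="${fwcmd:-echo ipfw}"

# web_rules INSIDE_IF
# Rules are tied to the NIC name and to "me" (any address configured on
# this host), so nothing has to be edited when an IP address changes.
web_rules() {
    iif="$1"

    # HTTP to the firewall itself is accepted only when the packet
    # arrives ("in") on the inside NIC.
    $fwcmd add 10000 allow tcp from any to me 80 in via "$iif"

    # The rules are stateless, so the replies need their own rule:
    # established TCP from our port 80 leaving ("out") on the same NIC.
    $fwcmd add 10100 allow tcp from me 80 to any out via "$iif" established

    # Everything else, including HTTP arriving on the outside NIC,
    # falls through to the final deny.
    $fwcmd add 60000 deny ip from any to any
}

# Example call (dry run): web_rules ed0
```

Because ipfw stops at the first matching rule, a port 80 packet arriving on dc0 matches neither 10000 nor 10100 and is dropped by 60000.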