Date: Tue, 29 Feb 2000 20:20:57 -0800 (PST)
From: Bhishan Hemrajani <bhishan@cytosine.dhs.org>
To: Steve Jorgensen <steve@khoral.com>
Cc: questions@FreeBSD.ORG
Subject: Re: packet filtering from ppp
Message-ID: <200003010420.UAA13680@cytosine.dhs.org>
In-Reply-To: <200003010419.VAA18525@zen.alb.khoral.com> from Steve Jorgensen at "Feb 29, 2000 09:19:29 pm"
I think you can.... just don't apply them to a specific device, apply them
to all tcp attributes.

--bhishan

> Bhishan Hemrajani wrote
>
> >> Try using rc.firewall in /etc to limit that stuff..
> >> man ipfw
>
> I didn't think you could use the ipfw and rc.firewall stuff on
> the tun0 device. Am I mistaken?
>
> Steve
>
> >> --bhishan
> >>
> >> > I have a little 16 IP number net, that is connected
> >> > to the internet via the user ppp on the gateway machine.
> >> > I'm running on a FreeBSD 3.4-STABLE machine last cvsup'ed
> >> > about a month ago. Since I have real IP numbers, I'm
> >> > NOT using the -nat options to ppp, but I would like to use
> >> > the set filter syntax to protect myself from prying external
> >> > programs (in fact, I've been getting probed on my samba port for
> >> > the last couple of weeks from various external ip numbers)
> >> >
> >> > Anyway, I set up my rules based on instructions I found
> >> > in the ppp tutorial at http://www.freebsd.org/tutorials/ppp/x870.html,
> >> > but I can't seem to get things to work right. The example shown
> >> > indicates that only the specified services will be allowed to
> >> > operate through the tun device, and all other packets will be
> >> > blocked. However, when I run it, it either lets everything
> >> > through or disallows any new external to internal connections
> >> > to be started. This behavior is based on the following lines
> >> >
> >> >     set filter in 6 permit 0/0 MYGATEWAYADDR/24
> >> >     set filter out 6 permit MYGATEWAYADDR/24 0/0
> >> >
> >> > If I have these two lines set, it doesn't matter if I have any
> >> > of the other lines in the tutorial, it allows all packets through.
> >> > If I comment those two lines out, no new external connections
> >> > can be established. Any help is appreciated, and I can make
> >> > my full set filter lines available if it's necessary.
> >> >
> >> > Steve
>
> --
> -----------------------------------------------------------
> Steven Jorgensen        steve@khoral.com    steve@spukhaus.com
> ------------------------------+----------------------------
> Khoral Research Inc.          | PHONE: (505) 837-6500
> 6200 Uptown Blvd, Suite 200   | FAX:   (505) 881-3842
> Albuquerque, NM 87110         | URL:   http://www.khoral.com/
> -----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
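To see why the two rule-6 lines in the quoted question open everything, here is an added model of ppp(8)'s filter evaluation (written for this page, not ppp's own code or the tutorial's rules) run over a constructed ruleset: a `permit 0/0 MYGATEWAYADDR/24` rule with no protocol qualifier matches every inbound packet, Samba probes included, while dropping it leaves only the explicitly permitted service and established TCP replies. The addresses 192.0.2.x and 198.51.100.7, and the first-match / implicit-deny semantics in the comments, are assumptions.

```python
import ipaddress
from collections import namedtuple

# Simplified model of ppp(8) "set filter" evaluation (an assumption, not ppp's own
# code): rules are tried in rule-number order, the first match decides, an empty
# set passes everything, a non-empty set drops what no rule matches.
Packet = namedtuple("Packet", "src dst proto sport dport estab",
                    defaults=("any", 0, 0, False))  # estab: existing TCP flow
def net(spec):
    # ppp writes "0/0" for "any address"; ipaddress needs the dotted form
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def parse_rule(line):
    """Parse 'set filter <in|out> <n> <permit|deny> <src> <dst> [proto [dst eq port] [estab]]'."""
    w = line.split()
    rest = w[8:]                      # only "dst eq <port>" and "estab" are modelled
    dport = int(rest[rest.index("dst") + 2]) if "dst" in rest else None
    return {"dir": w[2], "n": int(w[3]), "action": w[4], "src": net(w[5]),
            "dst": net(w[6]), "proto": w[7] if len(w) > 7 else "any",
            "dport": dport, "estab": "estab" in rest}

def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in rule["src"]
            and ipaddress.ip_address(pkt.dst) in rule["dst"]
            and rule["proto"] in ("any", pkt.proto)
            and (rule["dport"] is None or rule["dport"] == pkt.dport)
            and (not rule["estab"] or pkt.estab))

def filter_verdict(rules, direction, pkt):
    """Return 'permit' or 'deny' for pkt against the 'in' or 'out' filter set."""
    chain = sorted((r for r in rules if r["dir"] == direction), key=lambda r: r["n"])
    if not chain:
        return "permit"               # no rules at all: ppp lets everything through
    for r in chain:
        if matches(r, pkt):
            return r["action"]
    return "deny"                     # rules exist but none matched: implicit deny

# Constructed ruleset in the shape of the posted one; 192.0.2.1/24 stands in for
# MYGATEWAYADDR/24 and rule 6 is the catch-all permit from the question.
POSTED = """
set filter in 0 permit 0/0 192.0.2.1/24 tcp dst eq 25
set filter in 1 permit 0/0 192.0.2.1/24 tcp estab
set filter in 6 permit 0/0 192.0.2.1/24
"""
def posted_rules():
    return [parse_rule(l) for l in POSTED.strip().splitlines()]
def without_catch_all():
    return [r for r in posted_rules() if r["n"] != 6]
```

Run `filter_verdict(posted_rules(), "in", Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 139))` against both rulesets to compare the verdict on a constructed SMB probe with and without rule 6.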