Date: Tue, 26 Jul 2005 14:01:31 -0700
From: Eric Pretorious <eric@pretorious.net>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw: deny traffic between interfaces
Message-ID: <200507261401.31860.eric@pretorious.net>
In-Reply-To: <200507261219.08111.eric@pretorious.net>
References: <200507261219.08111.eric@pretorious.net>

On Tuesday 26 July 2005 12:19 pm, Eric Pretorious wrote:
>I'm using FreeBSD 4.10 as a masquerading firewall for three private networks
>and want to restrict traffic between each interface (kind of like VLAN's).

FWIW: This construct *seems* to have the effect that I desire:

ipfw add 500 deny all from any to any out recv rl0 xmit fxp0
ipfw add 501 deny all from any to any out recv rl0 xmit sis1
ipfw add 502 deny all from any to any out recv fxp0 xmit rl0
ipfw add 503 deny all from any to any out recv fxp0 xmit sis1
ipfw add 504 deny all from any to any out recv sis1 xmit rl0
ipfw add 505 deny all from any to any out recv sis1 xmit fxp0

I'm not 100% certain of incoming/outgoing packets and the receive & transmit
"interfaces", though. (The man page doesn't elaborate on this rule option.)

--
Eric P., Truckee, CA
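
The six rules in the message are one deny per ordered pair of interfaces; in ipfw, xmit can only be tested on outgoing packets, which is why each rule carries "out". The sketch below is an added example, not part of the original post: it generalizes the construct to any number of interfaces and only prints the commands so they can be reviewed before loading. The function name gen_isolation_rules is hypothetical.

```sh
#!/bin/sh
# Added example: print (do not install) ipfw deny rules for every ordered
# pair of distinct interfaces, in the recv/xmit form used in the message.

# Usage: gen_isolation_rules START_RULE IF1 IF2 [IF3 ...]
gen_isolation_rules() {
    rule=$1
    case "$rule" in
        ''|*[!0-9]*) echo "start rule must be a number" >&2; return 2 ;;
    esac
    shift
    if [ "$#" -lt 2 ]; then
        echo "need at least two interfaces" >&2
        return 2
    fi
    # n interfaces produce n*(n-1) rules; 65535 is ipfw's default rule
    last=$(( rule + $# * ($# - 1) - 1 ))
    if [ "$rule" -lt 1 ] || [ "$last" -gt 65534 ]; then
        echo "rule numbers $rule-$last fall outside 1-65534" >&2
        return 2
    fi
    for rx in "$@"; do
        for tx in "$@"; do
            # a packet leaving on the interface it arrived on is not
            # inter-network traffic, so no rule is emitted for that pair
            [ "$rx" = "$tx" ] && continue
            # xmit can only be tested on outbound packets, hence "out"
            echo "ipfw add $rule deny all from any to any out recv $rx xmit $tx"
            rule=$(( rule + 1 ))
        done
    done
}

# Interface names and starting rule number taken from the message above
gen_isolation_rules 500 rl0 fxp0 sis1
```

With the three interfaces from the message this prints the same rules 500 through 505, in the same order.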