Date: Fri, 9 Apr 1999 14:13:45 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: "Serguei V. Melekhov" <smelekov@vniigazmain.gazprom.ru>
Cc: freebsd-security@FreeBSD.ORG, luigi@FreeBSD.ORG
Subject: Re: Ipfw related.
Message-ID: <19990409141345.A31742@relay.ucb.crimea.ua>
In-Reply-To: <370DAA59.7B3325E0@vniigazmain.gazprom.ru>; from Serguei V. Melekhov on Fri, Apr 09, 1999 at 11:20:57AM +0400
References: <370DAA59.7B3325E0@vniigazmain.gazprom.ru>

On Fri, Apr 09, 1999 at 11:20:57AM +0400, Serguei V. Melekhov wrote:
> Hello Security Users,
>
> Maybe I missed something... Well.. Just read text below and help if
> you can.;) Thanks in advance.
>
> Let me show you one thing:
>
> ipfw add xxxx deny all from my.host.com to evil.host.com
>
> - It denies packets from my.host.com to evil.host.com, but
> evil.host.com still can send packets to my.host.com.
>
> Decision: add another deny rule. But here is my question!
> Are there any other ways to deny packets in both sides (in and out)
> by writing only one ipfw rule?
>

No, not yet. Luigi had some plans (???) to implement a ``between''
predicate, so you'd be able to write:

ipfw add xxxx deny ip between my.host.com and evil.host.com

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
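
Added example, not part of the original message or of ipfw itself: until a single two-way rule exists, a small shell helper can generate the pair of deny rules so the reverse direction is never forgotten. The function name deny_between and the sample addresses are assumptions made for illustration; both rules share one rule number so that one "ipfw delete" removes the pair.

```shell
# deny_between RULE_NUM HOST_A HOST_B
# Prints (does not run) the two ipfw commands that block IP traffic in
# both directions between HOST_A and HOST_B. Pipe the output to sh as
# root to install the rules. Hypothetical helper, not an ipfw feature.
deny_between() {
    if [ "$#" -ne 3 ]; then
        echo "usage: deny_between RULE_NUM HOST_A HOST_B" >&2
        return 2
    fi
    num=$1
    host_a=$2
    host_b=$3

    # Rule numbers must be plain decimal digits.
    case $num in
        ''|*[!0-9]*)
            echo "deny_between: rule number must be numeric: $num" >&2
            return 2
            ;;
    esac
    # 65535 is the default rule, so user rules stay in 1..65534.
    if [ "$num" -lt 1 ] || [ "$num" -gt 65534 ]; then
        echo "deny_between: rule number out of range: $num" >&2
        return 2
    fi
    # A rule from a host to itself is almost certainly a typo.
    if [ "$host_a" = "$host_b" ]; then
        echo "deny_between: the two hosts are identical" >&2
        return 2
    fi

    # One rule per direction: a "from A to B" rule never matches
    # packets travelling from B to A.
    printf 'ipfw add %s deny ip from %s to %s\n' "$num" "$host_a" "$host_b"
    printf 'ipfw add %s deny ip from %s to %s\n' "$num" "$host_b" "$host_a"
}

# Constructed sample call (documentation addresses):
#   deny_between 1000 192.0.2.10 198.51.100.20
```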