Date: Sun, 27 Jun 1999 11:48:51 +0930 (CST)
From: Mark Newton <newton@atdot.dotat.org>
To: drwho@xnet.com (Michael Maxwell)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: firewalling problem.
Message-ID: <199906270218.LAA42821@atdot.dotat.org>
In-Reply-To: <19990626210402.B1580@atlas.topquark.org> from "Michael Maxwell" at Jun 26, 99 09:04:02 pm

Michael Maxwell wrote:

> Problem:
> I cannot allow my local net machines to talk outside to the net and still
> have a useful firewall at the same time. The rule that allows the local
> hosts to talk outside completely defeats the purpose of having any OTHER
> rules in the first place (ipfw allow ip from any to any). I have tried
> restricting the first "any" to <mynet>:<mymask>, but this also does not
> work.

Read up the manpage for the "established" keyword.

More generally, run out and buy a copy of "Building Internet Firewalls"
by Bellovin and Cheswick.

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message