Date:      Wed, 29 Dec 2021 17:32:15 -0600
From:      Tim Daneliuk via freebsd-questions <freebsd-questions@freebsd.org>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   ipfw syntax clarification
Message-ID:  <8b2c341d-10e6-51a2-0654-86f4394865c7@tundraware.com>

We have a FBSD firewall/gateway/natd server on the perimeter of one of our networks.

We have an ipfw table that is loaded with pesky IPs like this:

   ipfw add deny all from table\(10\) to any via ${OIF}

This does block traffic which originates from those IPs to our server.
However, it also prevents our server from originating requests TO those IPs.

This is an issue because some of the table entries are CIDR blocks intended
to geoblock known problem areas.  However, it's sometimes desirable to, say,
connect to a web server within one of those CIDR blocks.

How/can the rule above be modified to let no one in the table connect to or
ping the server, but still allow the server to connect to something in
the forbidden blocks/IPs?

TIA!
-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
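The rule quoted in the message matches packets in both directions because it has no `in`/`out` qualifier. An added example (not from the original post or from the FreeBSD ruleset) of the usual way to get one-way blocking: a stateful "allow out" for connections the server itself originates, followed by a deny restricted to the inbound direction. The interface name `em0`, the rule numbers, and the `FWCMD` variable are assumptions; set `FWCMD=echo` to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example: replace a bidirectional "deny ... via $OIF" with a stateful
# allow for outbound connections plus an inbound-only deny, so hosts in the
# table cannot reach the server but the server can still reach them.
# Rule numbers and the interface name are assumed; adjust to the live ruleset.

table_rules() {
    oif="$1"          # outside interface, e.g. em0 (assumed)
    table="$2"        # ipfw table number holding the blocked IPs/CIDR blocks
    fw="${FWCMD:-ipfw}"   # set FWCMD=echo to dry-run

    # check-state must come before the deny: replies to our own outbound
    # connections are then accepted by the dynamic rule, never reaching
    # the table-based deny.
    $fw add 1000 check-state

    # Connections the server originates toward table members are allowed and
    # remembered, so their return packets pass check-state above.
    $fw add 1010 allow ip from me to "table($table)" out via "$oif" keep-state

    # Anything that *arrives* on the outside interface from a table member
    # (new connections, pings) is dropped. "in" limits this rule to the
    # inbound direction, which the original rule lacked.
    $fw add 1020 deny ip from "table($table)" to any in via "$oif"
}

# Dry-run: print the rules that would be loaded for interface em0, table 10.
FWCMD=echo table_rules em0 10
```

Rule order matters: these three rules must be numbered lower than any other rule that would match traffic to or from the table members, and ICMP echo from the server is covered too because `keep-state` creates dynamic entries for ICMP as well as TCP/UDP.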


