Date: Mon, 1 Jan 2001 22:09:26 -0500 (EST)
From: freebsduser <freebsduser@earthlink.net>
To: Darren Henderson <darren@bmv.state.me.us>
Cc: Tommy Forrest - KE4PYM <tforrest@mcs.net>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Writing firewall rules
Message-ID: <Pine.BSF.4.05.10101012158360.23703-100000@bsdbox.gregory.earthlink.net>
In-Reply-To: <Pine.A41.4.21.0101012100450.37128-100000@katahdin.bmv.state.me.us>

Don't forget the port number or you won't get any traffic going across xl0

    ipfw add deny tcp from any to any 901 in via xl0

This rule should only block packets coming into xl0 from the outside and
destined for any address behind the firewall, port 901.

Take a look at /etc/rc.firewall (the simple section). These are to be used
as suggestions. There are quite a few good examples in this file as well as
some anti-spoofing rules.

Good Luck,
Scott

On Mon, 1 Jan 2001, Darren Henderson wrote:

> On Mon, 1 Jan 2001, Tommy Forrest - KE4PYM wrote:
>
> > So I tried to do a little writing of my own. Specifically, I want to
> > deny outside access (xl0) to port 901. So I tried:
> >
> > ipfw add 1099 deny tcp from xl0 to xl0 901
>
> ipfw add deny tcp from any to any via xl0
>
> or
>
> ipfw add deny tcp from any to any in via xl0
>
> ________________________________________________________________________
> Darren Henderson                                   darren@bmv.state.me.us
>                                              darren.henderson@state.me.us
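
Added example (not part of the original message or of ipfw): a simplified first-match model in Python of the rule shapes discussed in this thread, showing which constructed packets each one denies. The inside interface xl1, the trailing allow rule and the sample packets are assumptions made for the illustration; real ipfw matches on many more fields.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:              # constructed sample packets, not captured traffic
    proto: str
    dst_port: int
    iface: str             # interface the packet is crossing
    direction: str         # "in" or "out" relative to that interface

@dataclass(frozen=True)
class Rule:
    action: str                       # "deny" or "allow"
    proto: str = "tcp"
    dst_port: Optional[int] = None    # None = any destination port
    via: Optional[str] = None         # None = any interface
    direction: Optional[str] = None   # None = both directions

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and self.dst_port in (None, p.dst_port)
                and self.via in (None, p.iface)
                and self.direction in (None, p.direction))

def verdict(rules, p):
    """ipfw is first-match: the first rule that matches decides."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"          # model assumption: nothing matched, so drop

ALLOW_REST = Rule("allow", proto="all")   # assumed trailing rule for the demo

# deny tcp from any to any via xl0
NO_PORT = [Rule("deny", via="xl0"), ALLOW_REST]
# deny tcp from any to any in via xl0
NO_PORT_IN = [Rule("deny", via="xl0", direction="in"), ALLOW_REST]
# deny tcp from any to any 901 in via xl0
WITH_PORT = [Rule("deny", dst_port=901, via="xl0", direction="in"), ALLOW_REST]

SAMPLES = {                # xl1 is a hypothetical inside interface
    "port901_from_outside": Packet("tcp", 901, "xl0", "in"),
    "reply_to_lan_client": Packet("tcp", 34567, "xl0", "in"),
    "lan_request_leaving": Packet("tcp", 80, "xl0", "out"),
    "port901_from_lan": Packet("tcp", 901, "xl1", "in"),
}

def table(rules):
    """Map each sample packet name to the ruleset's verdict."""
    return {name: verdict(rules, p) for name, p in SAMPLES.items()}
```

Only the rule with the port number leaves the other TCP traffic on xl0 alone: table(NO_PORT) denies every sample that touches xl0, while table(WITH_PORT) denies only the outside connection to port 901.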