Hi,
> >>How to effectively BLOCK every packet from dmz to internal lan?? :o(
Use FreeBSD's native ipfw facility instead of IPFilter. Then it's a piece of
cake:
#----------
# Reject, with an ICMP "administratively prohibited", every packet that came in
# on the DMZ interface and is about to be transmitted on the internal interface:
ipfw add <rulenumber> unreach filter-prohib all from any to any \
    out recv <interface_dmz> xmit <interface_internal>
#----------
More specifically, I'd recommend breaking this up into two lines to handle TCP
and the rest separately (with TCP using the reset clause to confuse scanners).
I have to admit, though, that I don't fully understand the purpose of such a
measure.
After all, what's a DMZ good for if you can't talk to it from the inside
somehow?
Regards
Christoph Weber-Fahr
irado furioso com tudo <[EMAIL PROTECTED]>
24.02.2002 22:31
To: [EMAIL PROTECTED]
Cc: (Bcc: Christoph Weber-Fahr/TND/Eschborn/Arcor)
Subject: Re: stuck with FreeBSD and Ipfilter
[EMAIL PROTECTED] wrote:
>>I am stuck with a request from a client. A FreeBSD box, with 3 NICs.
>>How to effectively BLOCK every packet from dmz to internal lan?? :o(
>>
>
> maybe something like this:
>
> block out on <lan interface> from 192.168.10.0/24 to 192.168.1.0/24
>
Thanks. Unfortunately, 22 shows closed, 53 shows open. :-( If we put
'in' (instead of 'out') in the above rule, nothing happens (22 and 53 still open).
--
saudações,
irado furioso com tudo.
Linux User (SuSE) 179.402
What can one expect from a country that considers fat behinds to be
'talent' and where intelligence is measured by the 'Show do Milhão'?
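As an added example (not from the thread, and not anyone's production ruleset), here is a small sh script that prints the two rule sets discussed above: Christoph's ipfw approach, split into a TCP rule that answers with a reset and a catch-all that answers with ICMP filter-prohib, plus check-state/keep-state so that sessions the internal LAN opens toward the DMZ still get their replies; and an IPFilter equivalent. IPFilter evaluates the whole rule list and the last match wins unless a rule says `quick`, so a plain `block` rule like the one quoted above is overridden by any later `pass` that also matches the packet, which is the usual reason such a rule appears to do nothing. The interface names fxp1/fxp2, the assignment of 192.168.10.0/24 to the DMZ and 192.168.1.0/24 to the LAN, the rule-number base, and the assumption that the rest of the ruleset already passes LAN-to-DMZ traffic on its "in" pass are all assumptions of the example. By default the script only echoes the ipfw rules; set IPFW=/sbin/ipfw to load them.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (or, with IPFW=/sbin/ipfw, loads)
# rules that reject everything the DMZ originates toward the internal LAN
# while still letting sessions the LAN opens toward the DMZ get their replies.
# Interface names, subnets and rule numbers below are assumptions.

IPFW=${IPFW:-echo}                     # "echo" = dry run; /sbin/ipfw to apply
DMZ_IF=${DMZ_IF:-fxp1}                 # assumed NIC facing the DMZ
LAN_IF=${LAN_IF:-fxp2}                 # assumed NIC facing the internal LAN
DMZ_NET=${DMZ_NET:-192.168.10.0/24}    # assumed DMZ subnet
LAN_NET=${LAN_NET:-192.168.1.0/24}     # assumed internal subnet
BASE=${BASE:-1000}                     # assumed free rule-number range

# ipfw evaluates rules in number order and the first match wins. A forwarded
# packet passes the firewall twice: "in" on the NIC it arrived on and "out" on
# the NIC it leaves by; at the "out" pass, "recv" names the arrival NIC, so
# "out recv DMZ xmit LAN" means exactly "routed from the DMZ to the LAN".
# The rest of the ruleset is assumed to pass LAN-to-DMZ traffic on its "in" pass.
ipfw_rules() {
    # 1. Packets belonging to a session already in the dynamic table pass.
    $IPFW add $BASE check-state
    # 2. Sessions the LAN opens toward the DMZ create a dynamic entry, so the
    #    DMZ host's replies match rule 1 instead of the blocks below.
    $IPFW add $((BASE + 10)) allow ip from $LAN_NET to $DMZ_NET \
        out recv $LAN_IF xmit $DMZ_IF keep-state
    # 3. TCP the DMZ originates: answer with RST, so a scanner sees "closed".
    $IPFW add $((BASE + 20)) reset tcp from any to any \
        out recv $DMZ_IF xmit $LAN_IF
    # 4. Everything else from the DMZ: ICMP "administratively prohibited".
    $IPFW add $((BASE + 30)) unreach filter-prohib all from any to any \
        out recv $DMZ_IF xmit $LAN_IF
}

# IPFilter is the other way round: every rule is evaluated and the LAST match
# wins, unless a rule carries "quick", which stops evaluation at that rule.
# A plain "block out on lan0 ..." loses to any later "pass" that also matches,
# which makes it look as if the rule did nothing. Blocking "in" on the DMZ NIC
# with "quick" rejects the packet before it is even routed.
ipf_rules() {
    cat <<EOF
# replies to sessions the LAN opens toward the DMZ
pass out quick on $DMZ_IF proto tcp from $LAN_NET to $DMZ_NET flags S keep state
pass out quick on $DMZ_IF proto udp from $LAN_NET to $DMZ_NET keep state
# anything the DMZ originates toward the LAN: TCP gets a RST, the rest
# gets an ICMP "filter prohibited"
block return-rst in quick on $DMZ_IF proto tcp from $DMZ_NET to $LAN_NET
block return-icmp(filter-prohib) in quick on $DMZ_IF from $DMZ_NET to $LAN_NET
EOF
}

# Dry run: show both rule sets.
ipfw_rules
echo
ipf_rules
```

Run it as-is to review the generated rules; to load the ipfw set on the firewall itself, run `IPFW=/sbin/ipfw DMZ_IF=... LAN_IF=... sh thisscript.sh`, and paste the IPFilter block into ipf.conf ahead of any broader `pass` rules (or keep the `quick` keywords, which make the ordering irrelevant for these rules).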
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls