steve13th wrote:
Given: Running FREEBSD

What I want to do:
I am attempting to disable the following things:
Note H= host octet
1. disable pings
2. disable traffic originating from networks other than HHH.HH.HHH.0/24
3. allow traffic to originate from HHH.HH.HHH.11 and go back and forth with
the internet
Status:
I am able to block pings, but I can't have traffic with the internet

My rules

ipfw add 1 deny icmp from any to any icmptypes 0,8
ipfw add 2 allow tcp from any to any established
ipfw add 3 allow all from HHH.HH.HHH.11/24 to any
oh where to start..

firstly realise that ipfw is called on every packet arriving on every interface and every packet leaving on every interface.

you probably want to limit processing to packets coming and going on some interface. Assume em0 is your outside interface..

# divide up traffic into what we are interested in and what we are not
ipfw add 10 skipto 100 ip from any to any in recv em0
ipfw add 11 skipto 200 ip from any to any out xmit em0
ipfw add 12 allow ip from any to any

# incoming packets from the outside
ipfw add 100 drop ip from 127.0.0.0/8 to any
ipfw add 101 drop ip from any to 127.0.0.0/8
ipfw add 110 drop icmp from any to any icmptypes 0,8
ipfw add 120 check-state
[ add any other packet descriptions for incoming packets you may want to accept ]
ipfw add 190 drop ip from any to any

# outgoing packets to the outside
ipfw add 200 allow ip from any to any keep-state
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
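The rule walk the reply describes (skipto into a per-direction block, check-state letting in replies to flows that keep-state recorded, drop at the end of the inbound block), as an added Python model that is not part of this thread and does not run ipfw itself. It assumes em0 is the outside interface, treats the default rule as deny (the FreeBSD default unless the kernel is built with IPFIREWALL_DEFAULT_TO_ACCEPT), and uses the documentation prefix 192.0.2.0/24 in place of the poster's HHH.HH.HHH.0/24; every packet below is constructed for the demonstration.

```python
# Toy model of the ipfw rule walk: numbered rules in order, "skipto" jumps
# forward, "check-state" consults the dynamic table that "keep-state" fills,
# and falling off the end hits the default rule (assumed deny here).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    direction: str              # "in" or "out"
    iface: str                  # interface received on / sent from
    sport: int = 0
    dport: int = 0
    icmptype: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                 # "allow", "deny", "skipto" or "check-state"
    proto: str = "ip"           # "ip" matches every protocol
    src: str = "any"            # "any" or a prefix such as "192.0.2.0/24"
    dst: str = "any"
    direction: Optional[str] = None   # the "in" / "out" keyword
    iface: Optional[str] = None       # the "recv" / "xmit" interface
    icmptypes: tuple = ()             # the "icmptypes" list
    target: int = 0                   # "skipto" target rule number
    keep_state: bool = False          # the "keep-state" option


def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.icmptypes and pkt.icmptype not in rule.icmptypes:
        return False
    return _addr_match(rule.src, pkt.src) and _addr_match(rule.dst, pkt.dst)


def _flow_key(pkt: Packet):
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)


def _reverse_key(pkt: Packet):
    # What a reply to this packet looks like in the dynamic table.
    return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)


class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.num)
        self.state = set()      # dynamic rules created by keep-state

    def evaluate(self, pkt: Packet):
        """Return (verdict, rule number) for one packet."""
        i = 0
        while i < len(self.rules):
            rule = self.rules[i]
            if rule.action == "check-state":
                if _flow_key(pkt) in self.state or _reverse_key(pkt) in self.state:
                    return ("allow", rule.num)
                i += 1
                continue
            if not _matches(rule, pkt):
                i += 1
                continue
            if rule.action == "skipto":
                # Continue at the first rule numbered >= target.
                i = next((j for j, r in enumerate(self.rules) if r.num >= rule.target),
                         len(self.rules))
                continue
            if rule.action == "allow":
                if rule.keep_state:
                    self.state.add(_flow_key(pkt))
                return ("allow", rule.num)
            if rule.action == "deny":
                return ("deny", rule.num)
            raise ValueError(f"unknown action {rule.action!r}")
        return ("deny", 65535)  # default rule, assumed deny


OUTSIDE = "em0"                 # assumed outside interface, as in the reply
RULESET = [
    Rule(10, "skipto", target=100, direction="in", iface=OUTSIDE),
    Rule(11, "skipto", target=200, direction="out", iface=OUTSIDE),
    Rule(12, "allow"),                                  # not on em0: pass
    Rule(100, "deny", src="127.0.0.0/8"),               # spoofed loopback
    Rule(101, "deny", dst="127.0.0.0/8"),
    Rule(110, "deny", proto="icmp", icmptypes=(0, 8)),  # echo reply/request
    Rule(120, "check-state"),                           # replies to our flows
    Rule(190, "deny"),                                  # everything else in
    Rule(200, "allow", keep_state=True),                # outbound, remembered
]


def run_scenarios():
    """Replay constructed packets, in order, through a fresh firewall."""
    fw = Firewall(RULESET)
    host, web, stranger = "192.0.2.11", "198.51.100.5", "203.0.113.9"
    packets = {
        "outbound_syn": Packet("tcp", host, web, "out", OUTSIDE, 40000, 80),
        "reply_synack": Packet("tcp", web, host, "in", OUTSIDE, 80, 40000),
        "unsolicited_ssh": Packet("tcp", stranger, host, "in", OUTSIDE, 1234, 22),
        "inbound_ping": Packet("icmp", stranger, host, "in", OUTSIDE, icmptype=8),
        "spoofed_loopback": Packet("tcp", "127.0.0.1", host, "in", OUTSIDE, 1, 22),
        "inside_lan": Packet("udp", "192.0.2.20", host, "in", "em1", 5353, 5353),
    }
    return {name: fw.evaluate(p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:18} -> {verdict[0]} (rule {verdict[1]})")
```

The order of the scenarios matters: the outbound SYN must pass rule 200 first so that its dynamic entry exists when the SYN-ACK arrives and hits check-state at rule 120; swap the two and the reply falls through to rule 190, which is exactly the symptom of a keep-state rule that is never reached.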