ipfw

From: William J. Borskey (wborskey@hotmail.com)
Date: 05/05/02


From: "William J. Borskey" <wborskey@hotmail.com>
To: security@freebsd.org
Date: Sat, 04 May 2002 20:36:52 -0700


is it possible to write rules for ipfw using ethernet addresses instead of
ip addresses?

ipfw -q -f flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00220 deny log ip to me 22 from any in
ipfw -q add 00100 allow ip from any to any
ipfw -q add 00225 deny log tcp from any to any in tcpflags syn,fin
ipfw -q add 00230 check-state
ipfw -q add 00235 deny tcp from any to any in established
ipfw -q add 00240 allow ip from any to any out keep-state
ipfw -q add 00250 deny tcp from any to any 6000
ipfw -q add 00900 deny log ip from any to any

and is this ok to block everything except ssh?

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message