ipfw
From: William J. Borskey (wborskey@hotmail.com)
Date: 05/05/02
- Next message: Peter C. Lai: "Re: ipfw"
- Previous message: Michael Sharp: "RE: jail()"
- Next in thread: Benjamin Ossei: "Re: ipfw"
- Maybe reply: Benjamin Ossei: "Re: ipfw"
- Maybe reply: Michael Sharp: "Re: ipfw"
- Reply: Peter C. Lai: "Re: ipfw"
- Reply: Eugene Grosbein: "Re: ipfw"
- Reply: Paulius Bulotas: "Re: ipfw"
- Reply: Derrick John Klise: "Re: ipfw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "William J. Borskey" <wborskey@hotmail.com> To: security@freebsd.org Date: Sat, 04 May 2002 20:36:52 -0700
is it possible to write rules for ipfw using ethernet addresses instead of
ip addresses?
ipfw -q -f flush
ipfw -q add 00100 allow ip from any to any via lo0
ipfw -q add 00220 deny log ip to me 22 from any in
ipfw -q add 00100 allow ip from any to any
ipfw -q add 00225 deny log tcp from any to any in tcpflags syn,fin
ipfw -q add 00230 check-state
ipfw -q add 00235 deny tcp from any to any in established
ipfw -q add 00240 allow ip from any to any out keep-state
ipfw -q add 00250 deny tcp from any to any 6000
ipfw -q add 00900 deny log ip from any to any
and is this ok to block everything except ssh?
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Peter C. Lai: "Re: ipfw"
- Previous message: Michael Sharp: "RE: jail()"
- Next in thread: Benjamin Ossei: "Re: ipfw"
- Maybe reply: Benjamin Ossei: "Re: ipfw"
- Maybe reply: Michael Sharp: "Re: ipfw"
- Reply: Peter C. Lai: "Re: ipfw"
- Reply: Eugene Grosbein: "Re: ipfw"
- Reply: Paulius Bulotas: "Re: ipfw"
- Reply: Derrick John Klise: "Re: ipfw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
