From owner-freebsd-security Thu Aug 16 5:54:12 2001
From: Roman Zabolotnikov
To: freebsd-security@freebsd.org
Subject: RE: Quick IPFW Rule Question
Date: Thu, 16 Aug 2001 19:53:59 +0700

> Hi,
>
> What would be the best rule to allow all incoming traffic from one specific
> I.P. address? (for a machine with 2 I.P.s bound to the NIC...)

I guess it'd be like this.

/sbin/ipfw add allow all from 123.123.123.123 to any via fxp0
/sbin/ipfw add reject all from any to any via fxp0

You should change "fxp0" from my example to your external interface name.

> Also, what would be the best rule to allow all outgoing traffic from my
> local machine?

The same way.

/sbin/ipfw add allow all from 132.132.132.132 to any via fxp0
/sbin/ipfw add reject all from any to any via fxp0

But be careful with the "reject all" rule. It should be the last line in your firewall rules.
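An added example, not part of the original message: ipfw stops at the first matching rule, and rules added without a number are evaluated in the order they were added, so applying both snippets above back to back leaves the second allow rule behind the first "reject all". The lint below flags such unreachable lines; the function names and the sample input are constructed for illustration, and it assumes unnumbered "ipfw add" lines only.

```shell
#!/bin/sh
# Lint an ipfw rule script for rules placed after a catch-all deny/reject.
# Assumption: rules carry no explicit rule numbers, so file order is
# evaluation order (ipfw assigns increasing numbers as rules are added).

# Constructed sample: the two snippets from the message, applied in sequence.
sample_rules() {
cat <<'EOF'
/sbin/ipfw add allow all from 123.123.123.123 to any via fxp0
/sbin/ipfw add reject all from any to any via fxp0
/sbin/ipfw add allow all from 132.132.132.132 to any via fxp0
/sbin/ipfw add reject all from any to any via fxp0
EOF
}

# find_shadowed: read rule lines on stdin and print "lineno: rule" for each
# rule that can never match because an earlier catch-all already covers its
# interface (or covers every interface, when the catch-all has no "via").
find_shadowed() {
  awk '
    {
      a = 0
      for (i = 1; i <= NF; i++) if ($i == "add") { a = i; break }
      if (!a) next                      # not an "ipfw add" line

      iface = "*"                       # "*" means no "via" restriction
      for (i = a + 1; i < NF; i++) if ($i == "via") iface = $(i + 1)

      # Unreachable if a catch-all for all interfaces, or for this one, came first.
      if (blocked["*"] || (iface != "*" && blocked[iface])) {
        print NR ": " $0
        next
      }

      # Record a catch-all: deny/drop/reject of all traffic, any to any.
      spec = ""
      for (i = a + 1; i <= NF; i++) spec = spec " " $i
      if (spec ~ /^ (deny|drop|reject) (all|ip) from any to any( via [^ ]+)?$/)
        blocked[iface] = 1
    }
  '
}

# Stand-alone run: lists lines 3 and 4 of the sample as unreachable.
sample_rules | find_shadowed
```

Moving every allow rule ahead of a single trailing "reject all" makes the lint print nothing.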