From owner-freebsd-security Sat Jun 26 19:20:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from atdot.dotat.org (atdot.dotat.org [150.101.89.3]) by hub.freebsd.org (Postfix) with ESMTP id 9230814EB7 for ; Sat, 26 Jun 1999 19:20:42 -0700 (PDT) (envelope-from newton@atdot.dotat.org)
Received: (from newton@localhost) by atdot.dotat.org (8.9.3/8.7) id LAA42821; Sun, 27 Jun 1999 11:48:51 +0930 (CST)
From: Mark Newton
Message-Id: <199906270218.LAA42821@atdot.dotat.org>
Subject: Re: firewalling problem.
To: drwho@xnet.com (Michael Maxwell)
Date: Sun, 27 Jun 1999 11:48:51 +0930 (CST)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19990626210402.B1580@atlas.topquark.org> from "Michael Maxwell" at Jun 26, 99 09:04:02 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Michael Maxwell wrote:
> Problem:
> I cannot allow my local net machines to talk outside to the net and still
> have a useful firewall at the same time. The rule that allows the local
> hosts to talk outside completely defeats the purpose of having any OTHER
> rules in the first place (ipfw allow ip from any to any). I have tried
> restricting the first "any" to :, but this also does not
> work.

Read up the manpage for the "established" keyword.

More generally, run out and buy a copy of "Building Internet Firewalls" by
Bellovin and Cheswick.

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
but it hurt when I walked.

                                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
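The following is an added example, not code from either poster, showing the ruleset Mark's hint points at. In ipfw, `setup` matches TCP segments with SYN set and ACK clear (the opening packet of a connection) and `established` matches segments with ACK or RST set (every packet after the opening one). Since each reply to a connection an inside host opened carries ACK, one `established` rule lets the replies in, and inbound connection attempts can be denied by their `setup` segments, so the blanket `allow ip from any to any` is no longer needed. The outside interface `ed0` and the local network `192.168.1.0/24` are placeholders, and `verdict` is a small first-match emulation of the TCP rules so the behaviour can be checked without a FreeBSD box; it is not part of ipfw.

```shell
#!/bin/sh
# Added example (not from the original message): an ipfw ruleset built around
# the "established" keyword, plus a shell emulation of how it classifies TCP
# segments. Placeholders, not values from the post:
OUTSIDE_IF=ed0              # assumed external interface
INSIDE_NET=192.168.1.0/24   # assumed local network

# ipfw TCP flag keywords used below:
#   setup       - SYN set, ACK clear (first packet of a new connection)
#   established - ACK or RST set     (every later packet, in either direction)

# Print the rules in the form "ipfw /path/to/file" reads (one "add" per line).
ipfw_ruleset() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 allow tcp from any to any established
add 400 allow tcp from $INSIDE_NET to any out via $OUTSIDE_IF setup
add 500 deny log tcp from any to any in via $OUTSIDE_IF setup
add 65000 deny log ip from any to any
EOF
}

# Simplified first-match emulation of rules 300-65000 for traffic crossing
# $OUTSIDE_IF (lo0 and anti-spoof rules are not modelled).
#   verdict DIRECTION PROTO FLAGS SRC_INSIDE
#   DIRECTION  in|out, relative to $OUTSIDE_IF
#   PROTO      tcp|udp|icmp ...
#   FLAGS      comma-separated TCP flags, e.g. SYN,ACK ("-" for none)
#   SRC_INSIDE yes|no, whether the source address lies in $INSIDE_NET
# Prints "allow NNN" or "deny NNN", NNN being the rule that matched.
verdict() {
    dir=$1; proto=$2; flags=",$3,"; src_inside=$4
    if [ "$proto" = tcp ]; then
        # rule 300 is consulted first: ACK or RST set means "established",
        # whichever direction the segment travels
        case $flags in *,ACK,*|*,RST,*) echo "allow 300"; return ;; esac
        # what remains with SYN set is a "setup" segment (SYN without ACK)
        case $flags in
        *,SYN,*)
            if [ "$dir" = out ] && [ "$src_inside" = yes ]; then echo "allow 400"; return; fi
            if [ "$dir" = in ]; then echo "deny 500"; return; fi
            ;;
        esac
    fi
    echo "deny 65000"   # everything else reaches the final deny
}

# Demonstration: the ruleset, then the fate of four representative segments.
ipfw_ruleset
for pkt in "out tcp SYN yes" "in tcp SYN,ACK no" "in tcp ACK no" "in tcp SYN no"; do
    # $pkt is split on purpose into the four positional arguments
    printf '%-20s -> %s\n' "$pkt" "$(verdict $pkt)"
done
```

Load the rules with `ipfw_ruleset | ipfw /dev/stdin` (or paste them into the rc firewall script). The emulation also exposes the limitation of the stateless keyword: `in tcp ACK no` is allowed by rule 300, so a crafted inbound segment with ACK set but belonging to no connection passes the firewall, and the inside host is relied on to answer it with RST. Later ipfw releases added `keep-state` and `check-state` to track connections properly; with the `established` keyword alone, rule 300 is the boundary the whole ruleset rests on.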