Date:      Wed, 26 Feb 1997 11:51:50 -0700 (MST)
From:      Brandon Gillespie <brandon@cold.org>
To:        freebsd-questions@freebsd.org
Subject:   ipfw rules problems (NOT operator?)
Message-ID:  <Pine.NEB.3.95.970226114513.3174A-100000@cold.org>

I have need for a 'not' operator with ipfw--or at least I do based off my
minimal knowledge of ipfw rules (from the man pages) and what I need.  To
explain... My network topology uses two 'walls':

                :                     |
    Internet => : => Local Network => | => Secure Network
                :                     |
            Cleanwall              Firewall

Basically, the cleanwall is just our Cisco router, which is set up to deny
spoofing and to drop anything from 192.168.0 on the floor.  Most of the
workstations in the building are on the Local network.  The secure network
will contain our database systems.  I'm working on setting up a FreeBSD
box as the Firewall.  I want the firewall to deny all packets that are NOT
from our IP domain (206.81.134.0).  I was hoping for a rule with ipfw (and
I couldn't find it) like:

   ipfw add deny all NOT from ${onet}:${omask} to any from ${oif}

An alternative I have considered is to simply allow any from $onet, and
deny everything else--but this rule would drop it out immediately, so I
couldn't further filter based on protocol and port.

Help?  Suggestions?  Hack ipfw?

-Brandon Gillespie
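The rule-ordering question raised in the message, as an added illustration that is not part of the original post and is not ipfw code: a small Python model of ipfw's first-match evaluation. It shows that a catch-all deny at the end of the list, preceded by port-specific allows from the poster's own net, gives the effect of "deny all NOT from 206.81.134.0" without a NOT operator while still filtering by protocol and port, and that the alternative the message considers (a broad allow from the local net placed first) shadows any later port rule so it never fires. The /24 mask on 206.81.134.0, the /16 on 192.168.0, the rule numbers, the ports 5432, 22 and 23, and the ipfw-like command text in the comments are all assumptions for the example.

```python
"""First-match model of an ordered ipfw-style ruleset.

Added illustration; not the poster's configuration and not ipfw source.
Masks, rule numbers, ports and the command text in comments are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
ONET = ipaddress.ip_network("206.81.134.0/24")          # assumed mask for 206.81.134.0
PRIVATE = ipaddress.ip_network("192.168.0.0/16")        # assumed mask for 192.168.0


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for port-less protocols


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                  # "allow" or "deny"
    proto: str                   # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if pkt.src not in self.src:
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(pkt: Packet, rules: List[Rule]) -> Tuple[str, int]:
    """Walk the rules in order and return (action, number) of the first match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.number
    raise ValueError("ruleset has no catch-all rule")


# Port-specific allows from our net, then a catch-all deny. The final rule is
# what turns "allow from onet" into "deny everything NOT from onet"; because the
# allows name ports, a host on onet still cannot reach anything not listed.
# Comments approximate the command line in the net:mask form the message uses.
GOOD = [
    Rule(100, "deny", "ip", PRIVATE),        # ipfw add 100 deny all from 192.168.0.0:255.255.0.0 to any
    Rule(200, "allow", "tcp", ONET, 5432),   # ipfw add 200 allow tcp from 206.81.134.0:255.255.255.0 to any 5432
    Rule(300, "allow", "tcp", ONET, 22),     # ipfw add 300 allow tcp from 206.81.134.0:255.255.255.0 to any 22
    Rule(65535, "deny", "ip", ANY),          # ipfw add 65535 deny all from any to any
]

# The alternative the message considers: a broad allow from onet first. The
# later port rule for onet sources is shadowed and can never fire.
NAIVE = [
    Rule(100, "allow", "ip", ONET),          # ipfw add 100 allow all from 206.81.134.0:255.255.255.0 to any
    Rule(200, "deny", "tcp", ONET, 23),      # meant to keep onet off telnet; unreachable
    Rule(65535, "deny", "ip", ANY),
]


def decide(rules: List[Rule], src: str, proto: str, dport: Optional[int] = None) -> Tuple[str, int]:
    """Convenience wrapper: build a packet from plain values and evaluate it."""
    return evaluate(Packet(ipaddress.ip_address(src), proto, dport), rules)


def shadowed(rules: List[Rule]) -> List[int]:
    """Numbers of rules that can never match: an earlier rule covers every packet they would."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.proto in ("ip", later.proto)
                    and later.src.subnet_of(earlier.src)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append(later.number)
                break
    return out


if __name__ == "__main__":
    print("onet -> 5432:", decide(GOOD, "206.81.134.7", "tcp", 5432))
    print("onet -> 23:  ", decide(GOOD, "206.81.134.7", "tcp", 23))
    print("outside:     ", decide(GOOD, "10.1.2.3", "tcp", 5432))
    print("shadowed in NAIVE:", shadowed(NAIVE))
```

Read the two lists top to bottom the way the kernel does: a packet from 206.81.134.7 to port 23 reaches rule 65535 under GOOD and is dropped, while under NAIVE it matches rule 100 and is passed, so the deny at 200 is dead. The `shadowed()` check is a cheap way to catch that mistake before loading a ruleset.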