Date:      Sat, 8 Feb 1997 19:05:57 -0500 (EST)
From:      Robert Shady <rls@mail.id.net>
To:        julian@whistle.com (Julian Elischer)
Cc:        tiller@connectnet.com, FreeBSD-Questions@freebsd.org, FreeBSD-ISP@freebsd.org
Subject:   Re: Packet filtering help please
Message-ID:  <199702090005.TAA06715@server.id.net>
In-Reply-To: <32FCF895.59E2B600@whistle.com> from Julian Elischer at "Feb 8, 97 02:05:09 pm"

> > this will add to my system.  Also,
> > where can I find more info on how to construct rules? 
> > (Beyond the man pages.)
> > I will be doing this all remotely, so getting it right the first time is
> > essential.
> 
> add the following code to the rc file 
> ipfw add 10000  allow ip from all to all
> ipfw add 1000   deny ip from {his address} to any
> 
> 
> that should about do it..
> remember that the default rule is:
> ipfw add 65536 deny ip from any to any
> 
> so you need to add the allow rule above via /etc/rc
> because you won't be able to get to the box to do it by hand :)

Also remember that the numbers are the 'rule numbers'; they are
parsed from highest to lowest, and every one must be different.
In the above example, it starts out like this:

RULE #
======
65536  deny ip from any to any  (Don't let ANYONE into this box by default)
10000  allow ip from all to all (Now allow EVERYONE into this box by default)
1000   deny ip from a.a.a.a     (Now just deny people from a.a.a.a)

And you could add...

999    deny ip from b.b.b.b     (Now deny people from a.a.a.a & b.b.b.b)

etc.

	-- Rob
===
      _/_/_/_/_/  _/_/_/_/               _/_/    _/  _/_/_/_/_/  _/_/_/_/_/
         _/      _/      _/    _/_/_/   _/  _/  _/  _/_/_/_/        _/
   _/_/_/_/_/  _/_/_/_/               _/      _/  _/_/_/_/_/      _/

                             Innovative Data Services 
                          Serving South-Eastern Michigan 
        Internet Service Provider / Hardware Sales / Consulting Services
       Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net
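
An added example, not part of either message: a small Python model for dry-running a ruleset like the one in this thread before loading it on a box that can only be reached remotely. It assumes what ipfw(8) documents, namely that rules are checked in ascending rule-number order, the first match decides, and the built-in final rule is number 65535; it models the source address only, and the addresses and function names are constructed for the example.

```python
import ipaddress

# Built-in final rule on a default-deny kernel (assumed number: 65535).
DEFAULT_RULE = (65535, "deny", "any")

def parse_rule(line):
    """Parse '[ipfw] add N allow|deny ip from SRC to DST' into (N, action, SRC)."""
    tok = line.split()
    if tok and tok[0] == "ipfw":
        tok = tok[1:]
    if len(tok) != 8 or tok[0] != "add" or tok[3:5] != ["ip", "from"] or tok[6] != "to":
        raise ValueError(f"unsupported rule: {line!r}")
    number, action, src = int(tok[1]), tok[2], tok[5]
    if action not in ("allow", "deny") or not 1 <= number < DEFAULT_RULE[0]:
        raise ValueError(f"bad action or rule number: {line!r}")
    return number, action, src

def matches(src, addr):
    """True if addr falls under the rule's source; 'all' is the thread's spelling of 'any'."""
    if src in ("any", "all"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(src, strict=False)

def evaluate(lines, addr):
    """Return (rule number, action) of the first rule, in ascending order, that matches addr."""
    rules = sorted([parse_rule(l) for l in lines] + [DEFAULT_RULE])
    for number, action, src in rules:
        if matches(src, addr):
            return number, action

def locks_out(lines, admin_addr):
    """True if the ruleset would drop the remote administrator's own traffic."""
    return evaluate(lines, admin_addr)[1] == "deny"

# Constructed sample: the two rc rules from the thread, with documentation
# addresses standing in for "{his address}" and for the remote admin.
RC_RULES = [
    "ipfw add 10000 allow ip from all to all",
    "ipfw add 1000 deny ip from 192.0.2.10 to any",
]
ADMIN = "198.51.100.7"

if __name__ == "__main__":
    for who in ("192.0.2.10", ADMIN):
        print(who, evaluate(RC_RULES, who))
    print("locked out without rule 10000:", locks_out(RC_RULES[1:], ADMIN))
```

Running `locks_out` against the exact lines that will go into /etc/rc, with the address you administer from, shows before reboot whether the allow rule is in place.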


