Date:      Tue, 9 Apr 2002 14:07:56 -0500 
From:      "Mire, John" <jmire@lsuhsc.edu>
To:        "'cravey@hal-pc.org'" <cravey@hal-pc.org>, "Mire, John" <jmire@lsuhsc.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: ipfw config to only allow gif tunnels.
Message-ID:  <DAC809EAC7E4594AA0696EF512F6ABF10AA7388E@sh-exch>

I guess I'm missing something, because the gif interfaces have to exist either
by cloning or by creating them and I use a similar rule to allow gif
interface traffic to traverse my firewall regardless of the IP addresses
associated with them. Without it the gif (ipip) traffic gets blocked. The
other thing to do is use the protocol number:
ipip    94      IPIP            # Yet Another IP encapsulation
encap   98      ENCAP           # Yet Another IP encapsulation

I'm betting on 94 and would write the rule something like:

ipfw add 00122 allow 94 from a.b.c.d to me 
ipfw add 00124 allow 94 from me to a.b.c.d 

You could even add granularity by specifying the interface, etc.


-----Original Message-----
From: cravey@hal-pc.org [mailto:cravey@hal-pc.org]
Sent: Tuesday, April 09, 2002 1:46 PM
To: jmire@lsuhsc.edu
Cc: freebsd-questions@freebsd.org
Subject: RE: ipfw config to only allow gif tunnels.


Sorry, that doesn't seem to work unless you're trying to firewall the traffic
coming down the tunnel with the tunnel already established. Any other
suggestions?

Thanks.

-Stephen


> try something like:
> 
> ipfw add 00122 allow ip from a.b.c.d to me via gif0
> ipfw add 00124 allow ip from me to a.b.c.d via gif0
> 
> -- 
> John Mire: jmire@lsuhsc.edu                Network Administration
> 318-675-5434              LSU Health Sciences Center - Shreveport
> 
> 
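
Added example (not part of the original messages): a small sh helper that prints the protocol-number rules discussed above for one tunnel peer, validating its arguments and adding a logged deny for the same protocol from any other source. The function names, the sample address 192.0.2.10 and the interface fxp0 are assumptions; the protocol is an argument because it must match what the tunnel's outer packets actually carry (FreeBSD's gif(4) sends inner IPv4 as IP protocol 4 and inner IPv6 as 41).

```shell
#!/bin/sh
# Added example: print ipfw rules that admit only tunnel encapsulation
# packets exchanged with one peer. Nothing is installed; review the output,
# then pipe it to sh as root. All names below are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_proto N: succeed only for an IP protocol number 0-255.
valid_proto() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# gif_tunnel_rules PEER PROTO [OUTER_IF]
# Rule numbers 00122/00124 follow the message; 00126 is an added deny.
gif_tunnel_rules() {
    peer=$1 proto=$2 outer_if=${3:-}
    valid_ipv4 "$peer"   || { echo "bad peer address: $peer" >&2; return 1; }
    valid_proto "$proto" || { echo "bad IP protocol: $proto" >&2; return 1; }
    case "$outer_if" in
        *[!A-Za-z0-9_]*) echo "bad interface: $outer_if" >&2; return 1 ;;
    esac
    via=${outer_if:+ via $outer_if}
    printf 'ipfw add 00122 allow %s from %s to me in%s\n'  "$proto" "$peer" "$via"
    printf 'ipfw add 00124 allow %s from me to %s out%s\n' "$proto" "$peer" "$via"
    # Same protocol from any other source: drop and log it.
    printf 'ipfw add 00126 deny log %s from any to me in%s\n' "$proto" "$via"
}

# Constructed sample invocation (documentation address, assumed interface).
gif_tunnel_rules 192.0.2.10 4 fxp0
```

Traffic inside the tunnel is filtered separately, with rules matching "via gif0" as in the quoted message.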

