Date: Tue, 9 Apr 2002 20:44:32 GMT
From: cravey@hal-pc.org
To: jmire@lsuhsc.edu
Cc: freebsd-questions@freebsd.org
Subject: RE: ipfw config to only allow gif tunnels.
Message-ID: <auto-000007668495@mail.hal-pc.org>

It still doesn't seem to work, but that's exactly the kind of information I
needed. Hopefully I can get there from here. Thank you.

-Stephen

> I guess I'm missing something, because the gif interfaces have to exist either
> by cloning or by creating them and I use a similar rule to allow gif
> interface traffic to traverse my firewall regardless of the IP addresses
> associated with them. Without it the gif (ipip) traffic gets blocked. The
> other thing to do is use the protocol number:
> ipip 94 IPIP # Yet Another IP encapsulation
> encap 98 ENCAP # Yet Another IP encapsulation
>
> I'm betting on 94 and write the rule something like:
>
> ipfw add 00122 allow 94 from a.b.c.d to me
> ipfw add 00124 allow 94 from me to a.b.c.d
>
> you could even add granularity by specifying the interface, etc...
>
>
> -----Original Message-----
> From: cravey@hal-pc.org [mailto:cravey@hal-pc.org]
> Sent: Tuesday, April 09, 2002 1:46 PM
> To: jmire@lsuhsc.edu
> Cc: freebsd-questions@freebsd.org
> Subject: RE: ipfw config to only allow gif tunnels.
>
>
> Sorry, that doesn't seem to work unless you're trying to firewall the
> traffic coming down the tunnel with the tunnel already established. Any other
> suggestions?
>
> Thanks.
>
> -Stephen
>
>
> > try something like:
> >
> > ipfw add 00122 allow ip from a.b.c.d to me via gif0
> > ipfw add 00124 allow ip from me to a.b.c.d via gif0
> >
> > --
> > John Mire: jmire@lsuhsc.edu Network Administration
> > 318-675-5434 LSU Health Sciences Center - Shreveport