From: "Tegshjargal.A"
Date: Thu, 28 Oct 2004 17:55:47 +0800
To: freebsd-ipfw@freebsd.org
Subject:
List-Id: IPFW Technical Discussions

Hi there!

We have a FreeBSD proxy server (the OS is FreeBSD 5.2). All client computers were working with static IP addresses such as:

    IP address: 10.0.0.55
    Subnet mask: 255.255.255.0
    Default gateway: 10.0.0.1
    Preferred DNS server: xxx.xxx.xxx.xx1
    Alternative DNS server: xxx.xxx.xxx.xx2

I want to restrict some customers from accessing some ports. But sometimes some blocked staff change to a permitted IP address, so they access a foreign server.

My rule is:

    # Disallow setup of all other TCP connections
    ${fwcmd} add deny tcp from any to any setup
    ...
    ${fwcmd} add pass tcp from 10.0.0.21,10.0.0.63 to any 4333 setup keep-state

How can I restrict it?

Thank you.
Tegshjargal.A