Skip site navigation (1)Skip section navigation (2)
Date:      08 Jan 2003 20:41:10 +0800
From:      Khairil Yusof <kaeru@pd.jaring.my>
To:        Jonathan Belson <jon@witchspace.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: [Q] ipfw and 'me'
Message-ID:  <1042029669.545.325.camel@daemon.home.net>
In-Reply-To: <3E19B689.2090207@witchspace.com>
References:  <3E19B689.2090207@witchspace.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--=-4euo2KjqN0chn29skZXS
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2003-01-07 at 01:02, Jonathan Belson wrote:

> Since the machine is a gateway, it has two network cards.  Will
> 'me' match *both* IP address or just the first one it comes
> across?  I only really want it to match the IP address of the
> external interface, not the internal one.

How about using interface rules since you have 2 network cards?

rules to allow stuff local network on fxp0 (internal network)
deny from any to any via fxp0

allow stuff via fxp1 (external network)
deny from any to any via fxp1

I find this to be easier.

--=20
Khairil Yusof <kaeru@pd.jaring.my>

--=-4euo2KjqN0chn29skZXS
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQA+HBxlDAqnLW/+/X8RAqwMAKCiLHgOE0eS4rjwKPtnkK7o7eiIzACdF0uz
PVYY2nUBg/+v04Bk8gxLG3U=
=naV1
-----END PGP SIGNATURE-----

--=-4euo2KjqN0chn29skZXS--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1042029669.545.325.camel>