From owner-freebsd-questions Tue Aug 14 21: 6:35 2001
From: "default - Subscriptions"
Subject: Question about default IPFW Rules...
Date: Tue, 14 Aug 2001 23:06:21 -0500

Hi,

Okay, I recently set up IPFW, and during the past 24 hours I have been tweaking and getting familiar with writing the rules... I have a question about this rule in the default rc.firewall script:

    # Allow any traffic to or from my own net
    ${fwcmd} add pass all from ${ip} to ${net}:${mask}
    ${fwcmd} add pass all from ${net}:${mask} to ${ip}

If one is on a cable/DSL connection like @home, wouldn't this rule supersede all other rules and let any traffic in from my I.P. address range? (Given that the example I.P. is 192.168.0.3 and the netmask is 255.255.255.0.)

I am concerned with this because I do have hackers in my range that have been trying to get in... Is there a better way to do this? Or would you guys suggest removing this rule completely? (I have not tried this yet...)

I am on an @home connection with two I.P. addresses bound to my NIC. They are both in the same range (ex. 192.168.0.3 and 192.168.0.4)... the gateway is 192.168.0.1... I was thinking maybe I could limit this to traffic with my gateway and my own I.P. addresses, as I have provided other rules for things like DNS...

Thanks,
Jordan
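
Added example (not part of the original message and not FreeBSD's own code): a small Python model of first-match rule evaluation, which is how ipfw walks its rule list, comparing the two quoted rules with the narrowing proposed in the message. It models only source and destination addresses; the closing deny rule, the function names and the neighbour address 192.168.0.77 are constructed assumptions.

```python
import ipaddress

# Constructed sample addresses, taken from the example values in the message.
MY_IPS = ["192.168.0.3", "192.168.0.4"]
GATEWAY = "192.168.0.1"
NET = "192.168.0.0/24"          # ${net}:${mask} with mask 255.255.255.0


def rule(action, src, dst):
    """One simplified rule: an action plus source and destination networks."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))


def evaluate(ruleset, src, dst):
    """Return (action, rule number) of the first rule that matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, rsrc, rdst) in enumerate(ruleset, start=1):
        if s in rsrc and d in rdst:
            return action, number
    return "deny", None          # assumption: nothing matched, treat as denied


def default_rules(ip):
    """The two quoted rules, followed by a hypothetical deny for inbound traffic."""
    return [
        rule("pass", ip, NET),           # pass all from ${ip} to ${net}:${mask}
        rule("pass", NET, ip),           # pass all from ${net}:${mask} to ${ip}
        rule("deny", "0.0.0.0/0", ip),   # hypothetical later deny rule
    ]


def narrowed_rules(ip):
    """The idea from the message: pass only the gateway and the host's own IPs."""
    peers = [GATEWAY] + [a for a in MY_IPS if a != ip]
    rules = []
    for peer in peers:
        rules.append(rule("pass", ip, peer))
        rules.append(rule("pass", peer, ip))
    rules.append(rule("deny", "0.0.0.0/0", ip))  # same hypothetical deny
    return rules


if __name__ == "__main__":
    neighbour = "192.168.0.77"   # constructed: another host on the same /24
    for name, rs in (("default", default_rules), ("narrowed", narrowed_rules)):
        print(name, evaluate(rs(MY_IPS[0]), neighbour, MY_IPS[0]))
```

With the quoted rules the neighbour on the same /24 is passed by the second rule before the deny is ever reached; with the narrowed set it falls through to the deny. Traffic routed in from outside the subnet keeps its original source address, so the gateway rule here covers only packets that originate at the gateway itself.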