From: "Richard Kaestner"
Delivered-To: freebsd-questions@freebsd.org
Subject: ipfw - please help understanding
Date: Wed, 17 Apr 2002 20:53:51 +0200

Could someone please help me to understand:
(before I go deeper and finally create my firewall, I want to understand ...)

I want to set up a rule for 10.1.1.1/16:

simple case:
- 10.1.1.1/16 -> should be allowed to "ssh" to "everyone" in 10.1.x.x/16
- only 10.1.1.2/16 should be allowed to "ssh" to 10.1.1.1/16

I think this rule could work (on 10.1.1.1):

allow log tcp from 10.1.1.2/16 22 to me keep-state in ^^^^^^^ => setup ?

(at least, I tried it and I could do what I wanted - however, I am almost sure it is not the full thing ...)

Which place for such a rule would be adequate if there should also be rules for other protocols (such as http, smtp)? Is there some advice about "priorities" of rules?

Is there a kind of "intro for (ip) dummies" to ipfw rules? (I can't get clear with the short description in the handbook.)

Is there a kind of "starters ruleset" for a simple firewall (possibly with some explanations ...)?

Thanks for any help!

--
ciao - Richard

"you have moved your mouse, please reboot to make this change take effect"

Richard Kästner
Woerthgasse 17
2500 Baden
Austria
mailto:richard.kaestner@ycn.com
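
One ruleset for the policy described in the message above, as an added example that is not part of the original mail: the function prints an ipfw rule file that can be reviewed and then loaded with `ipfw <file>`. The rule numbers, the `ssh_rules` helper and the explicit deny rule are assumptions; the peer is written without a mask because `10.1.1.2/16` matches all of 10.1.0.0/16, and 22 follows the destination because a port after the source address is the source port.

```sh
#!/bin/sh
# Added example (not from the original mail): emit ipfw rules for
#   - only one peer may open ssh connections to this host
#   - this host may open ssh connections to its own /16
# Rule numbers are hypothetical; place them before any broader allow rules,
# because ipfw stops at the first matching rule.

ssh_rules() {
    peer=$1   # single host allowed to ssh in, e.g. 10.1.1.2
    lan=$2    # network this host may ssh out to, e.g. 10.1.0.0/16

    # A mask on the peer would widen the match to the whole network.
    case $peer in
        */*) echo "peer must be a single host address, without /mask" >&2
             return 1 ;;
    esac

    cat <<EOF
add 1000 check-state
add 1100 allow log tcp from $peer to me 22 in setup keep-state
add 1200 allow tcp from me to $lan 22 out setup keep-state
add 1300 deny log tcp from any to me 22 in
EOF
    # 1000: packets of connections already admitted by a keep-state rule
    # 1100: new inbound ssh (SYN only, via "setup") from the one peer
    # 1200: new outbound ssh from this host to the local network
    # 1300: any other inbound packet to port 22 is logged and dropped
}

# Print the rules for the addresses used in the message.
ssh_rules 10.1.1.2 10.1.0.0/16
```

Replies to outbound connections arrive with source port 22 and are accepted by `check-state` at rule 1000, so they never reach the deny at 1300.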