From owner-freebsd-security Fri Apr 9 4:18:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
	by hub.freebsd.org (Postfix) with ESMTP id 6AA6014F9B;
	Fri, 9 Apr 1999 04:17:59 -0700 (PDT)
	(envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
	by relay.ucb.crimea.ua (8.9.2/8.9.2/UCB) id OAA32087;
	Fri, 9 Apr 1999 14:13:45 +0300 (EEST)
	(envelope-from ru)
Date: Fri, 9 Apr 1999 14:13:45 +0300
From: Ruslan Ermilov
To: "Serguei V. Melekhov"
Cc: freebsd-security@FreeBSD.ORG, luigi@FreeBSD.ORG
Subject: Re: Ipfw related.
Message-ID: <19990409141345.A31742@relay.ucb.crimea.ua>
Mail-Followup-To: "Serguei V. Melekhov", freebsd-security@FreeBSD.ORG, luigi@freebsd.org
References: <370DAA59.7B3325E0@vniigazmain.gazprom.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <370DAA59.7B3325E0@vniigazmain.gazprom.ru>; from Serguei V. Melekhov on Fri, Apr 09, 1999 at 11:20:57AM +0400
X-Operating-System: FreeBSD 3.1-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Apr 09, 1999 at 11:20:57AM +0400, Serguei V. Melekhov wrote:
> Hello Security Users,
>
> Maybe I missed something... Well.. Just read the text below and help if
> you can. ;) Thanks in advance.
>
> Let me show you one thing:
>
>     ipfw add xxxx deny all from my.host.com to evil.host.com
>
> - It denies packets from my.host.com to evil.host.com, but
>   evil.host.com can still send packets to my.host.com.
>
> Decision: add another deny rule. But here is my question!
> Are there any other ways to deny packets in both directions (in and out)
> by writing only one ipfw rule?
>

No, not yet. Luigi had some plans (???) to implement a ``between''
predicate, so you'd be able to write:

    ipfw add xxxx deny ip between my.host.com and evil.host.com

-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age