From: sn1tch
To: Jason Hunt
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 4 Mar 2005 16:17:07 -0500
Subject: Re: Quick Firewall Question

you could try:

$oip = outside IP
$oif = outside interface

ipfw add deny all from any to $oip 80 in via $oif

or whatever port

On Fri, 04 Mar 2005 15:13:18 -0600, Jason Hunt wrote:
> Chuck,
>
> Thanks for your quick response. What I really need to do is to block
> specific ports on my outside interface NIC. In fact, I need to keep the 2nd
> NIC which is internal open to those ports.
>
> > From: Charles Swiger
> > Date: Fri, 4 Mar 2005 16:09:17 -0500
> > To: Jason Hunt
> > Cc:
> > Subject: Re: Quick Firewall Question
> >
> > On Mar 4, 2005, at 4:01 PM, Jason Hunt wrote:
> >> Greetings,
> >>
> >> I have a machine that I need to quickly block outside access to (just
> >> internal access from 2nd NIC). Are there any quick examples of how I
> >> can add a rule to specifically block a port on specific IP?
> >
> > ipfw add 100 deny tcp from 1.2.3.4 any to 192.168.1.2 11
> >
> > This will block connections from IP 1.2.3.4 to your host's port 11,
> > assuming your local IP was 192.168.1.2
> >
> > --
> > -Chuck
>
--
You've officially been Gmailed
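
The per-port rule suggested above, generalized to a list of ports, as an added example that is not part of the original thread. The function name gen_block_rules is hypothetical, and the interface name and address in the usage comment are constructed; it only prints the ipfw commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not code from the thread.
# gen_block_rules OIF OIP START_RULE PORT...
#   OIF         outside interface name
#   OIP         address bound to the outside interface
#   START_RULE  first ipfw rule number; later rules step by 10
#   PORT...     ports to close on the outside interface only
# Rules match only packets arriving "in via OIF", so traffic reaching the
# same ports through the internal NIC is left alone. ipfw stops at the first
# matching rule, so these numbers must sort before any broader allow rule.
gen_block_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: gen_block_rules oif oip start_rule port..." >&2
        return 1
    fi
    oif=$1; oip=$2; num=$3
    shift 3

    # Rule number: decimal digits only, no leading zero.
    case $num in
        ''|0*|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;;
    esac

    # Validate every port before printing anything, so a bad argument
    # never yields a partial rule set.
    for port in "$@"; do
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    # One rule per protocol per port, covering both tcp and udp.
    for port in "$@"; do
        for proto in tcp udp; do
            echo "ipfw add $num deny $proto from any to $oip $port in via $oif"
            num=$((num + 10))
        done
    done
}

# Constructed usage: gen_block_rules em0 203.0.113.10 1000 80 443
```
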