Date: Mon, 06 Jan 2003 17:49:50 +0000
From: Jonathan Belson <jon@witchspace.com>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [Q] ipfw and 'me'
Message-ID: <3E19C1BE.4010603@witchspace.com>
References: <3E19B689.2090207@witchspace.com> <20030106171001.GA13668@submonkey.net> <3E19BB9E.6010207@witchspace.com> <20030106173244.GA54032@dan.emsphone.com>

Dan Nelson wrote:

> me is me.  Maybe the "recv | xmit | via {ifX | if* | ipno | any}"
> options will help?  What exactly are you trying to allow/block?

My firewall rules are based on the 'simple' pattern in rc.firewall.
I've got stuff like this to explicitly allow certain connections:

    # ssh
    ${fwcmd} add pass tcp from any to ${oip} 22 setup
    ${fwcmd} add pass udp from any to ${oip} 22
    ${fwcmd} add pass udp from ${oip} 22 to any

    # Allow DNS queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 53 keep-state

    # Allow NTP queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 123 keep-state

where ${oip} is my external IP address (i.e. the one that changes every
now and again)

--Jon

http://www.witchspace.com