OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Problems with natd and simple firewall
From: Warner Losh (impvillage.org)
Date: Tue Jul 25 2000 - 18:34:08 CDT


I don't think we need a special option. We have the following in our
firewall rules:

#
# filter_net
#
# Takes one or two arguments.
#
# This will filter out traffic to/from these networks. The first
# argument
# will be filtered. If there is a second argument, it is the
# interface to
# filter on
#
filter_net()
{
        via=${2:+via $2}

        $fwcmd add deny log ip from any to $1 ${via}
        $fwcmd add deny log ip from $1 to any ${via}
}
inet_if=fxp0
filter_net 192.168.0.0:255.255.0.0
filter_net 172.16.0.0:255.240.0.0
filter_net 10.0.0.0:255.0.0.0 ${inet_if}

and this has been verified to work. we use net10 internally and we
need for the router that we have to be able to pass those packets
through the router, but not out to the internet, which is on fxp0.

Warner

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message