Subject: Re: Problems with natd and simple firewall
From: Warner Losh (imp village.org)
Date: Tue Jul 25 2000 - 18:34:08 CDT
I don't think we need a special option. We have the following in our
firewall rules:
#
# filter_net
#
# Takes one or two arguments.
#
# This will filter out traffic to/from these networks.  The first argument
# will be filtered.  If there is a second argument, it is the interface to
# filter on
#
filter_net()
{
	via=${2:+via $2}
	$fwcmd add deny log ip from any to $1 ${via}
	$fwcmd add deny log ip from $1 to any ${via}
}

inet_if=fxp0
filter_net 192.168.0.0:255.255.0.0
filter_net 172.16.0.0:255.240.0.0
filter_net 10.0.0.0:255.0.0.0 ${inet_if}
and this has been verified to work. We use net10 internally and we
need for the router that we have to be able to pass those packets
through the router, but not out to the internet, which is on fxp0.
Warner
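
Added example, not part of the original message: a dry run of the posted filter_net with $fwcmd replaced by a stub that records rules instead of calling ipfw, plus a small first-match evaluator showing which packets the three calls deny. The helpers record, ip2int, in_net and verdict, the inside interface ed0, the sample addresses, and the "pass" default (which stands in for a later allow rule) are assumptions.

```shell
#!/bin/sh
# Added example. fwcmd is a stub that records rules instead of running ipfw.
RULES=""
record() { RULES="${RULES}$*
"; }
fwcmd=record

# filter_net as posted in the message
filter_net()
{
	via=${2:+via $2}
	$fwcmd add deny log ip from any to $1 ${via}
	$fwcmd add deny log ip from $1 to any ${via}
}

ip2int() {	# dotted quad -> integer
	old=$IFS; IFS=.; set -- $1; IFS=$old
	echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_net() {	# $1 = address, $2 = "any" or net:mask
	[ "$2" = any ] && return 0
	a=$(ip2int "$1"); n=$(ip2int "${2%:*}"); m=$(ip2int "${2#*:}")
	[ $(( a & m )) -eq $(( n & m )) ]
}

# First matching rule wins; "pass" assumes a later allow rule (not on the page).
verdict() {	# $1 = src, $2 = dst, $3 = interface the packet crosses
	while read -r _add action _log _ip _from from _to to _via ifc; do
		[ -n "$action" ] || continue
		[ -z "$ifc" ] || [ "$ifc" = "$3" ] || continue
		if in_net "$1" "$from" && in_net "$2" "$to"; then
			echo "$action"; return 0
		fi
	done <<EOF
$RULES
EOF
	echo pass
}

inet_if=fxp0
filter_net 192.168.0.0:255.255.0.0
filter_net 172.16.0.0:255.240.0.0
filter_net 10.0.0.0:255.0.0.0 ${inet_if}

printf '%s' "$RULES"
# Constructed sample packets; ed0 and 198.51.100.7 are made up.
echo "10.1.2.3 -> 10.9.9.9 on ed0:      $(verdict 10.1.2.3 10.9.9.9 ed0)"
echo "10.1.2.3 -> 198.51.100.7 on fxp0: $(verdict 10.1.2.3 198.51.100.7 fxp0)"
echo "192.168.1.5 -> 10.9.9.9 on ed0:   $(verdict 192.168.1.5 10.9.9.9 ed0)"
```

Only the net10 rules carry "via fxp0"; the 192.168 and 172.16 rules are recorded without an interface, so they match on every interface, the inside one included.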