Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Re: Problems with natd and simple firewall
From: Warner Losh (impvillage.org)
Date: Tue Jul 25 2000 - 18:34:08 CDT

I don't think we need a special option. We have the following in our
firewall rules:

# filter_net
# Takes one or two arguments.
# This will filter out traffic to/from these networks. The first
# argument
# will be filtered. If there is a second argument, it is the
# interface to
# filter on
        via=${2:+via $2}

        $fwcmd add deny log ip from any to $1 ${via}
        $fwcmd add deny log ip from $1 to any ${via}
filter_net ${inet_if}

and this has been verified to work. we use net10 internally and we
need for the router that we have to be able to pass those packets
through the router, but not out to the internet, which is on fxp0.


To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message