ipfw: deny traffic between interfaces
Eric Pretorious
eric at pretorious.net
Tue Jul 26 19:44:13 GMT 2005
I'm using FreeBSD 4.10 as a masquerading firewall for three private networks
and want to restrict traffic between each interface (kind of like VLANs).

The firewall's interfaces are configured as such:

sis0    public
rl0     192.168.1.1
fxp0    192.168.2.1
sis1    192.168.4.1

...and ipfw is configured as such:

00050 13453519 8660535275 divert 8668 ip from any to any via sis0
00100 490 81262 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 26955802 17357286222 allow ip from any to any
65535 0 0 deny ip from any to any
How can I accomplish this with ipfw? (I thought that something like `ipfw add
400 deny ip from rl0 to not sis0` would do the job but it didn't.)
--
Eric P.,
Truckee, CA
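
An added example, not part of the original post: ipfw's `from` and `to` fields match addresses, while interfaces are matched with `recv`, `xmit` and `via`, so one way to isolate the three private interfaces listed above is a deny rule for each ordered pair of them. The rule numbers (400 upward in steps of 10), the function name and the APPLY switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate ipfw rules that stop forwarding between the
# private interfaces. Interface names come from the post; the rule numbers
# are assumptions chosen to land after rule 300 and before the catch-all
# "allow ip from any to any" at 65000.

PRIVATE_IFS="rl0 fxp0 sis1"   # sis0 (public) is left out on purpose

# isolation_rules START STEP IF...
# Prints one "ipfw add" command per ordered pair of distinct interfaces.
# xmit can only be tested on outgoing packets, so each rule carries "out";
# recv still identifies the interface the forwarded packet arrived on.
isolation_rules() {
    num=$1
    step=$2
    shift 2
    for rx in "$@"; do
        for tx in "$@"; do
            if [ "$rx" != "$tx" ]; then
                echo "ipfw add $num deny ip from any to any out recv $rx xmit $tx"
                num=$((num + step))
            fi
        done
    done
}

# Dry run by default: print the commands for review.
# Set APPLY=1 (as root, on the firewall) to load them into ipfw.
if [ "${APPLY:-0}" = "1" ]; then
    isolation_rules 400 10 $PRIVATE_IFS | sh
else
    isolation_rules 400 10 $PRIVATE_IFS
fi
```

Traffic between a private interface and sis0 never matches these rules, so it still reaches the divert rule at 00050 and the allow at 65000.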