ipfw: deny traffic between interfaces

Eric Pretorious eric at pretorious.net
Tue Jul 26 21:26:36 GMT 2005


On Tuesday 26 July 2005 12:19 pm, Eric Pretorious wrote:
>I'm using FreeBSD 4.10 as a masquerading firewall for three private networks 
>and want to restrict traffic between each interface (kind of like VLANs).

FWIW: This construct *seems* to have the effect that I desire:

  ipfw add 500 deny all from any to any out recv rl0 xmit fxp0
  ipfw add 501 deny all from any to any out recv rl0 xmit sis1
  ipfw add 502 deny all from any to any out recv fxp0 xmit rl0
  ipfw add 503 deny all from any to any out recv fxp0 xmit sis1
  ipfw add 504 deny all from any to any out recv sis1 xmit rl0
  ipfw add 505 deny all from any to any out recv sis1 xmit fxp0

I'm not 100% certain about incoming/outgoing packets and the receive & transmit 
"interfaces", though. (The man page doesn't elaborate on this rule option.)

-- 
Eric P.,
Truckee, CA
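The rule set above is the hand-written case for three interfaces. The following is an added example, not part of the original post or of ipfw itself: a small POSIX sh script that generates the same pairwise deny rules for any list of interfaces, so the set stays complete when a fourth network is added. It relies on documented ipfw(8) semantics: "recv" matches the interface a packet arrived on, "xmit" the interface it is about to leave through, and since the transmit interface is only known on the outbound pass, "out" is required whenever "xmit" is used. Because ipfw is first-match, the generated rules must be numbered below whatever allow or divert rule would otherwise pass the forwarded traffic. The base rule number 500 and the interface names rl0, fxp0 and sis1 are taken from the post; nothing else is assumed about the host.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeBSD): emit one ipfw
# deny rule per ordered (receive, transmit) interface pair, so that packets
# forwarded from any listed interface to any other listed interface are dropped.
#
# Usage: gen_isolation_rules BASE IFACE1 IFACE2 [IFACE3 ...]
# Prints "ipfw add ..." commands starting at rule number BASE; review the
# output, then pipe it to sh on the firewall to apply it.
gen_isolation_rules() {
    base=$1
    shift
    num=$base
    for rx in "$@"; do
        for tx in "$@"; do
            # Traffic that leaves through the interface it arrived on is not
            # inter-network forwarding; skip it.
            [ "$rx" = "$tx" ] && continue
            # "out" is mandatory: xmit can only be matched on the outbound pass.
            printf 'ipfw add %d deny all from any to any out recv %s xmit %s\n' \
                "$num" "$rx" "$tx"
            num=$((num + 1))
        done
    done
}

# Number of rules the generator will produce for the given interfaces:
# N interfaces give N*(N-1) ordered pairs. Useful as a sanity check before
# applying the output, and for confirming no pair was left out.
expected_rule_count() {
    n=$#
    echo $((n * (n - 1)))
}

# Demonstration with the three interfaces from the post (prints six rules,
# numbered 500-505, in the same order as the hand-written set).
gen_isolation_rules 500 rl0 fxp0 sis1
```

Rule numbers increase by one per pair; pick a base that sits below your NAT divert and "allow ip from any to any" rules, otherwise the forwarded packet is accepted before these denies are ever evaluated.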


More information about the freebsd-questions mailing list