ipfw on just inbound and not outbound
Charles Swiger
cswiger at mac.com
Tue Apr 14 21:22:06 UTC 2015
On Apr 14, 2015, at 2:09 PM, hiren panchasara <hiren at strugglingcoder.info> wrote:
> Apologies if this is something silly but I want to completely eliminate
> ipfw from outgoing traffic perspective. I just want to have it on
> incoming. I can always add "allow ip from any to any out" as the first
> rule but that is still ipfw doing something.
>
> Is there a way to tell ipfw to not look at outbound traffic at all?
>
> OR, the rule I mentioned is the best that can be done here?
Blocking outbound traffic can be more important to security than blocking
inbound traffic-- for one reason, see BCP 38 / RFC-2827. The rule you've
suggested is the best that can be done, aside from disabling IPFW entirely.
Regards,
--
-Chuck
More information about the freebsd-ipfw
mailing list