filtering aliasIP from the primaryIP with IPF

Roisin Murphy Roisin.Murphy at gmail.com
Thu Sep 30 01:14:53 PDT 2004


Hi,

My FreeBSD machine is 192.168.1.34 with one jail running on
192.168.1.35 (dc0_alias), and I have one more separate win2k box:
192.168.1.33. I want to filter that jail with ipf, so that it cannot
access anything running on that win2k machine and anything bound to the
primary fbsd IP, but I still want to be able to ssh into that .35 jail.

Filtering the win2k box worked as expected:

    pass in quick on dc0 proto tcp from 192.168.1.33 to 192.168.1.35 port = 22 flags S keep state
    block out quick on dc0 proto tcp/udp from 192.168.1.35 to 192.168.1.33 keep state keep frags

But for that primary fbsd IP, since it's the same dc0 interface, I don't
know how to write that rule... anyone?

thanks

