protect a single interface with IPFW ?
krad
kraduk at gmail.com
Wed Jan 12 15:01:03 UTC 2011
On 12 January 2011 14:47, Frank Bonnet <f.bonnet at esiee.fr> wrote:
> Hello
>
> is it possible to protect a single interface with IPFW
> my server has only one interface and I want to
> allow only SSH LDAP LDAPS
>
> thanks for any examples
Something like this:

add pass all from any to any via lo0
add pass tcp from w.x.y.z to any 22 in via $int keep-state
add pass tcp from w.x.y.z to any 389 in via $int keep-state
add deny ip from any to any

Or for pf (better in my opinion):

table <sshhosts> const { hosta, hostb, ... }
table <ldaphosts> const { hosta, hostb, ... }
set skip on lo0
block all
pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state
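
Added example, not part of the original post: a /bin/sh generator for the ipfw approach above that also covers LDAPS (port 636), which the question asked for. The interface name em0, the client addresses and the rule numbers are assumptions; the output is a rule file in the same "add ..." form, which ipfw(8) loads when given the file's path.

```sh
#!/bin/sh
# Added example: print an ipfw rule file for a one-interface server that
# accepts only SSH (22), LDAP (389) and LDAPS (636) from listed clients.

# is_ipv4 ADDR: succeed only for a dotted quad with an optional /0-32 mask,
# so nothing else can end up inside a generated rule line.
is_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) mask=${1#*/}
             case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$mask" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ipfw_rules IFACE CLIENT...: validate everything first, then print.
gen_ipfw_rules() {
    iface=$1
    case $iface in ''|*[!A-Za-z0-9_.]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    shift
    [ "$#" -gt 0 ] || { echo "no client addresses given" >&2; return 2; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad address: $host" >&2; return 2; }
    done
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 check-state"          # packets of already-accepted flows
    n=1000
    for host in "$@"; do
        # "setup" matches only the opening SYN; keep-state tracks the rest.
        echo "add $n allow tcp from $host to me dst-port 22,389,636 in via $iface setup keep-state"
        n=$((n + 10))
    done
    echo "add 65000 deny ip from any to any"
}

# Constructed sample: em0 and the documentation-range addresses are placeholders.
if [ "$#" -gt 0 ]; then
    gen_ipfw_rules "$@"
else
    gen_ipfw_rules em0 192.0.2.10 198.51.100.0/24
fi
```

The generated ruleset also denies connections the server itself opens (DNS, NTP, outbound LDAP), so add outbound rules before rule 65000 if it needs them.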