Re: boot order (bringing up interfaces and ipf)
The problem is that it will block traffic coming in over the net for other
computers on those ports. I just want to block it for the firewall machine.
=(
ryan
> On Sun, Jul 01, 2001 at 11:40:28PM -0500, ryc wrote:
> > The behavior that I desire is to block packets coming in on ne0 (the
> > internet interface) to the port X. I don't want to block any other traffic.
> > The reason I want to block these packets is to provide extra security
> > against people from the outside accessing my services (such as database
> > servers, proxies, etc.). The problem is that at the time the ipf rules are
> > loaded ne0 does not have an IP address and ipf won't load the rule. Any other
> > suggestions?
>
> So what don't you like about this rule?
>
> block return-rst in log quick on ne0 proto tcp from any to any port = X
>
> It blocks port "X" coming in over ne0, nothing else, and does not
> depend on ne0 having an IP address.
> --
> Crist J. Clark cjclark@alum.mit.edu