RE: boot order (bringing up interaces and ipf)
I would try this:

block return-rst in log quick on ne0 proto tcp from any to !internal_ip_range port = X
> -----Original Message-----
> From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org]On Behalf Of ryc
> Sent: Monday, July 02, 2001 12:41 PM
> To: cjclark@alum.mit.edu
> Cc: misc@openbsd.org
> Subject: Re: boot order (bringing up interaces and ipf)
>
>
> The problem is that it will block traffic coming in over the net for other
> computers on those ports. I just want to block it for the firewall machine.
> =(
>
> ryan
>
>
> > On Sun, Jul 01, 2001 at 11:40:28PM -0500, ryc wrote:
> > > The behavior that I desire is to block packets coming in on ne0 (the
> > > internet interface) to the port X. I don't want to block any other
> > > traffic. The reason I want to block these packets is to provide extra
> > > security against people from the outside accessing my services (such as
> > > database servers, proxies, etc.). The problem is that at the time the ipf
> > > rules are loaded ne0 does not have an ip address and ipf won't load the
> > > rule. Any other suggestions?
> >
> > So what don't you like about this rule?
> >
> > block return-rst in log quick on ne0 proto tcp from any to any port = X
> >
> > It blocks port "X" coming in over ne0, nothing else, and does not
> > depend on ne0 having an IP address.
> > --
> > Crist J. Clark cjclark@alum.mit.edu
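
A worked ipf.conf fragment putting the two rules from this thread side by side, added here as an illustration rather than taken from either poster. The addresses are constructed: 192.168.1.0/24 stands in for the LAN behind the firewall and port 3306 stands in for "port X".

```ipf
# Constructed example, not from the thread. ne0 is the Internet-facing
# interface, 192.168.1.0/24 is the LAN behind the firewall, 3306 is "port X".

# Rule as first suggested: blocks port X for everything arriving on ne0,
# including connections the firewall would forward to LAN hosts. It needs
# no address on ne0, so it loads before the interface is configured.
# block return-rst in log quick on ne0 proto tcp from any to any port = 3306

# Rule from this reply: only destinations outside the LAN are blocked, which
# covers the firewall's own external address (whatever DHCP or PPP assigns
# later) while forwarded connections to 192.168.1.0/24 port 3306 still pass.
# Like the first rule it references no interface address, so ipf accepts it
# at boot even though ne0 is not yet up.
block return-rst in log quick on ne0 proto tcp from any to ! 192.168.1.0/24 port = 3306
```

The negated destination matches anything that is not inside the LAN range, not just the firewall, so on a box that routes only one internal network it singles out the firewall itself; with more than one network behind ne0, each non-LAN range that should still receive port X has to be excluded as well. Because the rule is `quick`, it must appear before any `pass in` rule on ne0 that would otherwise let the connection through.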