> Try this simple ruleset:
>
> possible deny log tcp from any to any setup tcpoptions !mss
>
> ipfw add allow ip from any to any out
> ipfw add allow ip from any to your.c.net{x,y,z,so on...}
> ipfw add deny log ip from any to any
I'd limit these to the outside interface, for performance reasons.
# Whatever the interface is...
outif="fxp0"
ipfw add allow ip from any to any out via ${outif}
ipfw add allow ip from any to your.c.net{x,y,z,so on...} via ${outif}
ipfw add deny log ip from any to any via ${outif}
etc...
Or, you could do:
# The internal interface is not filtered
intif="fxp1"
ipfw add allow ip from any to any via ${intif}
# Everything else only applies to the external interface
ipfw add allow ip from any to any out
ipfw add allow ip from any to your.c.net{x,y,z,so on...}
ipfw add deny log ip from any to any
Nate
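To make the second layout concrete, here is the same "inside unfiltered, everything else filtered" ruleset written as a script. This is an added example, not code from the posting above nor from FreeBSD's own rc.firewall. It assumes fxp0/fxp1 as in the posting and two constructed host addresses from the 192.0.2.0/24 documentation range in place of the `your.c.net{...}` placeholder. Two things the one-liners above do not show: a final `deny ip from any to any` with no `via` qualifier also matches loopback traffic, so lo0 has to be passed explicitly; and because the ruleset is built from shell variables, `set -u` makes the shell abort on an unset variable instead of silently expanding a mistyped interface name to nothing.

```shell
#!/bin/sh
# Added example, not code from the original posting: the "internal interface
# unfiltered, everything else filtered" ruleset built from a script.
# set -u aborts on an unset variable, so a mistyped interface variable
# cannot silently expand to nothing and produce a rule bound to no interface.
set -eu

# Assumed interface names (the posting uses fxp0/fxp1 as placeholders).
extif="fxp0"
intif="fxp1"

# Dry run by default: prints the rules instead of loading them.
# Run with IPFW=ipfw (as root, on FreeBSD) to load them for real.
IPFW="${IPFW:-echo ipfw}"

# rule NUMBER ACTION ... : add one numbered rule.  Fixed numbers make the
# set reproducible when it is flushed and reloaded.  $IPFW is deliberately
# unquoted so that the dry-run value "echo ipfw" splits into two words.
rule() {
    $IPFW add "$@"
}

# build_ruleset HOST... : emit the whole ruleset.  HOSTs are the addresses
# behind the external interface that may receive inbound connections.
build_ruleset() {
    # Loopback: a plain "deny ip from any to any" also matches lo0, so it
    # must be passed explicitly when the deny rule has no "via" qualifier.
    rule 100 allow ip from any to any via lo0
    # Internal interface is not filtered.
    rule 200 allow ip from any to any via "$intif"
    # Anything leaving through the external interface is allowed.
    rule 300 allow ip from any to any out via "$extif"
    # Inbound on the external interface only to the published hosts.
    n=400
    for host in "$@"; do
        rule "$n" allow ip from any to "$host" in via "$extif"
        n=$((n + 10))
    done
    # Everything else arriving on the external interface is logged and dropped.
    rule 65000 deny log ip from any to any via "$extif"
}

# Constructed sample hosts from the 192.0.2.0/24 documentation range.
PUBLIC_HOSTS="${PUBLIC_HOSTS:-192.0.2.10 192.0.2.11}"
build_ruleset $PUBLIC_HOSTS
```

Run it as-is to see the rules it would load; run it with `IPFW=ipfw` on the firewall host to load them. If a variable is misspelled (for example `${inif}` for `${intif}`), the script stops with an "unbound variable" error before any rule is added rather than installing a rule that matches no interface.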