Thanks a lot!
On 01/12/2011 04:03 PM, krad wrote:
On 12 January 2011 15:01, krad <kra...@gmail.com> wrote:
On 12 January 2011 14:47, Frank Bonnet <f.bon...@esiee.fr> wrote:
Hello
is it possible to protect a single interface with IPFW
my server has only one interface and I want to
allow only SSH LDAP LDAPS
thanks for any examples
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Something like this:
add pass all from any to any via lo0
add pass tcp from w.x.y.z to any 22 in via $int keep-state
add pass tcp from w.x.y.z to any 389 in via $int keep-state
add deny ip from any to any
or for pf (better in my opinion)
table <sshhosts> const { hosta, hostb, ... }
table <ldaphosts> const { hosta, hostb, ... }
set skip on lo0
block all
pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state
Whoops, forgot the all-important lines. Without these your box itself can't
initiate connections to the outside world.
ipfw add before the deny
add pass all from any to any out via $int keep-state
and for pf, add at the end
pass out from any to any keep state
--
Frank BONNET
01.45.92.66.17
Service des Moyens Informatique Generaux
ESIEE PARIS
Cité Descartes / BP 99
93162 NOISY-LE-GRAND Cedex
http://www.esiee.fr
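
The ipfw rules from this thread assembled into one rule file, with the outbound rule placed before the final deny and LDAPS (port 636) included as the original question asked; this is an added example, not part of the original messages. The interface name em0, the client range 192.0.2.0/24, the rule numbers and the check-state rule are assumptions.

```sh
#!/bin/sh
# Added example: emit an ipfw rule file for a single-interface host.
# Assumptions (not from the thread): interface em0, client range
# 192.0.2.0/24 (documentation prefix), rule numbers, check-state rule.

INT="em0"
CLIENTS="192.0.2.0/24"
PORTS="22 389 636"          # SSH, LDAP, LDAPS

build_ruleset() {
    n=100
    echo "add $n pass all from any to any via lo0"
    n=$((n + 100))
    # Match packets of flows already recorded by a keep-state rule.
    echo "add $n check-state"
    for port in $PORTS; do
        n=$((n + 100))
        echo "add $n pass tcp from $CLIENTS to any $port in via $INT keep-state"
    done
    n=$((n + 100))
    # Lets the host itself open connections; must come before the deny.
    echo "add $n pass all from any to any out via $INT keep-state"
    echo "add 65000 deny ip from any to any"
}

# Succeeds only if there is exactly one deny and it is the final rule,
# so every pass rule is evaluated before it.
deny_is_last() {
    [ "$(build_ruleset | tail -n 1)" = "add 65000 deny ip from any to any" ] &&
    [ "$(build_ruleset | grep -c ' deny ')" -eq 1 ]
}

# Print the destination ports of the inbound pass rules on one line.
inbound_ports() {
    build_ruleset | awk '$3 == "pass" && $4 == "tcp" { print $9 }' | xargs
}

build_ruleset
```

Save the output to a file and run `ipfw -n` on that file to check the syntax before loading it.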