I would like some help with a very simple rule that I am writing; sorry, I am a newbie to this.
Currently I am running a bridge, and am planning to filter on only one card. The rule that I want to write is quite simple:
- Block In everything
- Allow In ping from internal only, only internal network could ping the machines.
- Allow Out ping to anywhere, internal machines could ping to anywhere on earth.
So far I have this.
# Block everything IN
block in log on fxp1 all
# Let internal ping IN
pass in log on $int_if inet proto icmp from $Internal to $Internal icmp-type 8 code 0 keep state
# Let internal ping OUT
pass out log on $int_if inet proto icmp from $Internal to any icmp-type 8 code 0 keep state
It works: if I ping from external I wouldn't be able to, and if I ping internal (not behind the firewall but on the same network) it still works.
But from the machine behind the firewall, I am able to ping internal only, not external. What am I writing wrong in those 3 lines?
Basically I want more freedom for the people behind the firewall but none for people outside.
Thanks in advance, T
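As an added example (not the poster's ruleset, and not a diagnosis of it), here is one way to write the three requirements so that the direction of every rule is explicit on a bridge, where pf evaluates each packet on both member interfaces. fxp1 is taken from the post; the second interface name and the network address are placeholders.

```pf
# Added example, not the original post's ruleset.
# Assumptions: fxp1 faces the rest of the internal network and the
# outside world, fxp0 faces the machines behind the firewall, and
# 192.168.1.0/24 is a placeholder for the real internal network
# (a bridge keeps both sides in the same IP network).
ext_if   = "fxp1"
int_if   = "fxp0"
Internal = "192.168.1.0/24"

# Default deny for anything entering the bridge on either interface.
# Nothing blocks "out", so a packet that was passed "in" on one
# interface leaves freely on the other.
block in log all

# Requirement 2: only the internal network may ping the protected
# machines. Those echo requests enter the bridge on $ext_if.
pass in log on $ext_if inet proto icmp from $Internal to $Internal \
    icmp-type 8 code 0 keep state

# Requirement 3: protected machines may ping anywhere. Their echo
# requests enter the bridge on $int_if, so this is a "pass in" rule,
# not "pass out"; the state entry admits the echo replies when they
# come back in on $ext_if, with no extra rule for them.
pass in log on $int_if inet proto icmp from $Internal to any \
    icmp-type 8 code 0 keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, and watch `tcpdump -n -e -ttt -i pflog0` to see which interface and rule each blocked ping hits.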
