protect a single interface with IPFW ?
Hello,

Is it possible to protect a single interface with IPFW? My server has only one interface and I want to allow only SSH, LDAP and LDAPS.

Thanks for any examples.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: protect a single interface with IPFW ?
On 12 January 2011 14:47, Frank Bonnet f.bon...@esiee.fr wrote:
> Hello,
>
> Is it possible to protect a single interface with IPFW? My server has only one interface and I want to allow only SSH, LDAP and LDAPS.
>
> Thanks for any examples.

something like this

add pass all from any to any via lo0
add pass tcp from w.x.y.z to any 22 in via $int keep-state
add pass tcp from w.x.y.z to any 389 in via $int keep-state
add deny ip from any to any

or for pf (better in my opinion)

table <sshhosts> const { hosta, hostb, ... }
table <ldaphosts> const { hosta, hostb, ... }
set skip on lo0
block all
pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state
Re: protect a single interface with IPFW ?
On 12 January 2011 15:01, krad kra...@gmail.com wrote:
> On 12 January 2011 14:47, Frank Bonnet f.bon...@esiee.fr wrote:
>> Hello,
>>
>> Is it possible to protect a single interface with IPFW? My server has only one interface and I want to allow only SSH, LDAP and LDAPS.
>>
>> Thanks for any examples.
>
> something like this
>
> add pass all from any to any via lo0
> add pass tcp from w.x.y.z to any 22 in via $int keep-state
> add pass tcp from w.x.y.z to any 389 in via $int keep-state
> add deny ip from any to any
>
> or for pf (better in my opinion)
>
> table <sshhosts> const { hosta, hostb, ... }
> table <ldaphosts> const { hosta, hostb, ... }
> set skip on lo0
> block all
> pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
> pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state

whoops, forgot the all-important lines. Without these your box itself can't initiate connections to the outside world

ipfw, add before the deny

add pass all from any to any out via $int keep-state

and for pf, add at the end

pass out from any to any keep state
Re: protect a single interface with IPFW ?
Thanks a lot !

On 01/12/2011 04:03 PM, krad wrote:
> On 12 January 2011 15:01, krad kra...@gmail.com wrote:
>> On 12 January 2011 14:47, Frank Bonnet f.bon...@esiee.fr wrote:
>>> Hello,
>>>
>>> Is it possible to protect a single interface with IPFW? My server has only one interface and I want to allow only SSH, LDAP and LDAPS.
>>>
>>> Thanks for any examples.
>>
>> something like this
>>
>> add pass all from any to any via lo0
>> add pass tcp from w.x.y.z to any 22 in via $int keep-state
>> add pass tcp from w.x.y.z to any 389 in via $int keep-state
>> add deny ip from any to any
>>
>> or for pf (better in my opinion)
>>
>> table <sshhosts> const { hosta, hostb, ... }
>> table <ldaphosts> const { hosta, hostb, ... }
>> set skip on lo0
>> block all
>> pass in quick proto tcp from <sshhosts> to any port ssh synproxy state
>> pass in quick proto tcp from <ldaphosts> to any port ldap synproxy state
>
> whoops, forgot the all-important lines. Without these your box itself can't initiate connections to the outside world
>
> ipfw, add before the deny
>
> add pass all from any to any out via $int keep-state
>
> and for pf, add at the end
>
> pass out from any to any keep state

--
Frank BONNET 01.45.92.66.17
Service des Moyens Informatique Generaux
ESIEE PARIS
Cité Descartes / BP 99
93162 NOISY-LE-GRAND Cedex
http://www.esiee.fr
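The ipfw rules from the thread, assembled in evaluation order with the outbound rule placed before the deny, as an added example that is not code from any poster. The interface name em0, the client address 192.0.2.10, the rule numbers, the check-state rule and port 636 for LDAPS (requested in the question but absent from the posted rules) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: interface em0,
# client 192.0.2.10, rule numbers, check-state, LDAPS on port 636.

# Print the ruleset as "ipfw -q add N ..." commands, in evaluation order.
emit_rules() {
    int=$1 client=$2 n=100
    rule() { echo "ipfw -q add $n $*"; n=$((n + 100)); }

    rule pass all from any to any via lo0
    rule check-state                      # match existing dynamic state first
    for port in 22 389 636; do            # SSH, LDAP, LDAPS
        rule pass tcp from "$client" to any "$port" in via "$int" keep-state
    done
    # Without this rule the host cannot open connections of its own.
    rule pass all from any to any out via "$int" keep-state
    rule deny ip from any to any          # must stay last
}

# Read a ruleset on stdin; succeed only if the catch-all deny is the final
# rule and an outbound keep-state pass appears before it.
lint_rules() {
    awk '
        / deny ip from any to any$/ { deny = NR }
        / out via .* keep-state$/   { if (!deny) out = NR }
        END { exit !(deny == NR && out > 0) }
    '
}

# Dry run: print the commands only if the ordering check passes.
rules=$(emit_rules "${1:-em0}" "${2:-192.0.2.10}")
if printf '%s\n' "$rules" | lint_rules; then
    printf '%s\n' "$rules"
else
    echo "ruleset failed ordering check" >&2
fi
```

The script only prints the commands; pipe its output to sh on the FreeBSD host once the interface and client address are correct.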