[ale] ipfwadmin rules?

Jeremy T. Bouse undrgrid at undergrid.net
Mon Jun 8 09:18:14 EDT 1998


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 8 Jun 1998, Nomad the Wanderer wrote:

> Date: Mon, 8 Jun 1998 06:30:27 -0600
> From: Nomad the Wanderer <nomad at orci.com>
> To: "Jeremy T. Bouse" <undrgrid at undergrid.net>
> Cc: Atlanta Linux Enthusiasts <ale at cc.gatech.edu>
> Subject: Re: [ale] ipfwadmin rules?
> 
> One more problem.  I have 2 interfaces, eth0 and ppp0.  How do I limit the rules
> to just the ppp0 interface.  When I applied the rules below it killed the machines
> on the backend also.
> 
> Robert
> 
	I guess in this case you would have to specify which device or IP
to place that on... As I also have a ppp0 (assign'd a static IP) and a
eth0 (also with a valid IP in a /30 subnet); however I don't have another
machine connect'd to me at this time and using me as a router... I guess
you could use the fields list'd in the ipfwadm(8) man page as shown below:

       -V address
              Optional address of an interface via which a packet
              is received, or via which is packet is going to  be
              sent.   Address can be either a hostname or a plain
              IP address.   When  a  hostname  is  specified,  it
              should  resolve  to  exactly  one IP address.  When
              this option is  omitted,  the  address  0.0.0.0  is
              assumed, which has a special meaning and will match
              with any interface address.  For the check command,
              this option is mandatory.

       -W name
              Optional name of an interface via which a packet is
              received, or via which is packet  is  going  to  be
              sent.   When  this  option  is  omitted,  the empty
              string is assumed, which has a special meaning  and
              will  match with any interface name.  For the check
              command, this option is mandatory.

	This way could could either give it the interface name or dotted
quad IP address... Another idea would be to install the dotfile generator
for ipfwadm and see what it would come  up with for you...

	Sincerely,
	Jeremy T. Bouse
	System Administrator

    Jeremy T. Bouse - SouthNet TeleComm Services, Inc - www.STSI.net
  PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198  19D0593E50E597E9
 Public PGP key available by sending email with 'send pgpkey' in subject
     undrgrid at UnderGrid.net - NIC Whois: JB5713 - undrgrid at STSI.net
          /earth is 98% full ... please delete anyone you can.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNXvkmuak13roPZrlAQEOLQP/Tu0bc2bl6EAbTK5YRAlo/FiCWkKpUv/q
iHwGeGAoVTBQKnsXQ9PDn4pcmlGh1+Cb8HgUNTXQ1q5eJOY/3dzNu3Ph50qo+gDl
TYXn2cmQe7K1IX8PCXwlVboqqw9+muhG9wno6koCZgLXpnqhnHqQmpWHImZNzpU8
srwZa97/DvU=
=C1QL
-----END PGP SIGNATURE-----






More information about the Ale mailing list