> Thanks for the suggestion, but where do I get ipf?  I don't see it in the

it is part of the base system.

BTW both ipfilter and ipfw seem to do the job you want, so recommending
the use of one instead of the other is as technically sound as
saying to disconnect the network cable on the internal side (which
is the most secure thing you can do provided you do not have a
wireless card on the motherboard...  these days you cannot trust
anything anymore!)

        cheers
        luigi

> FreeBSD packages region under networking or security.  The closest in
> functionality I see is xinetd, but it only seems to allow me to specify
> ip addresses to enable/disable, but does not seem to have an option to
> specify the network interface.
> 
> I guess xinetd is better than nothing, if I trust the outer firewall to
> filter out unexpected incoming ip addresses, but the whole point is that I
> do NOT trust the outer firewall to do its job perfectly.
> 
> Regards,
> 
> orville.
> 
> On Sun, 20 May 2001, Chojin wrote:
> 
> > Use ipf
> > (it's not ipfw)
> > ----- Original Message -----
> > From: "Orville R. Weyrich.Jr" <[EMAIL PROTECTED]>
> > Cc: "Freebsd Net (E-mail)" <[EMAIL PROTECTED]>
> > Sent: Sunday, May 20, 2001 8:07 AM
> > Subject: Restricting traffic on one interface
> > 
> > 
> > > Hi --
> > >
> > > I have a dual homed FreeBSD-4.3 machine and want to restrict traffic on
> > > one interface but not the other (one interface is to a trusted network and
> > > the other is not).
> > >
> > > What I want is the untrusted interface to only present SMTP and HTTP
> > > ports, while the trusted interface presents telnet, ftp, NFS, SMB, etc.
> > >
> > > What is the best way to do this?  The machine does NOT have IP forwarding
> > > enabled.
> > >
> > > -------------------------------------------------------------------
> > > Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
> > > mailto:[EMAIL PROTECTED]     KD7HJV        http://www.weyrich.com
> > > -------------------------------------------------------------------
> > >
> > >
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe freebsd-net" in the body of the message
> > >
> > 
> 
> ===================================================================
> IF YOU WANT REFORM >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> VOTE REFORM
> -------------------------------------------------------------------
> Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
> mailto:[EMAIL PROTECTED]     KD7HJV        http://www.weyrich.com
> -------------------------------------------------------------------
> Visit our online collection of book reviews:
> 
>                 http://www.weyrich.com/book_reviews/
> 
> Ask about our world wide web services!
> -------------------------------------------------------------------
> 
> 
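One way to express the policy from the original question as an ipf ruleset (an added example, not written by anyone in this thread). The interface names fxp0 (untrusted) and fxp1 (trusted) and the trusted network 192.168.1.0/24 are assumptions; substitute your own.

```conf
# /etc/ipf.rules -- constructed example for a dual-homed host, no forwarding
# Assumed: fxp0 = untrusted side, fxp1 = trusted side (192.168.1.0/24)

# Loopback and the trusted interface are left unrestricted.
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on fxp1 all
pass out quick on fxp1 all

# Anti-spoofing: a packet arriving on the untrusted side must never claim
# a source address from the trusted network or from loopback. This covers
# the case where the outer firewall lets something through that it should not.
block in log quick on fxp0 from 192.168.1.0/24 to any
block in log quick on fxp0 from 127.0.0.0/8 to any

# Untrusted side: accept new TCP connections to SMTP and HTTP only.
# "flags S" matches the initial SYN; "keep state" admits the rest of
# that connection without further rules.
pass in quick on fxp0 proto tcp from any to any port = 25 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state

# Connections this host opens through the untrusted side (outbound mail
# delivery, DNS lookups, ping) and their replies.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Everything else on the untrusted side is dropped and logged, so telnet,
# ftp, NFS and SMB are reachable from fxp1 only.
block in  log quick on fxp0 all
block out log quick on fxp0 all
```

Load it with `ipf -Fa -f /etc/ipf.rules` and check the per-rule hit counts with `ipfstat -hio`.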

