W. D. wrote:
> At 09:36 10/21/2005, Daemon, wrote:
>
>>Great!. Thanks. One possibly stupid question. What is the "Deny
>>Spoof"? Is that like;
>># Stop spoofing of your internal network range
>># ${fwcmd} add deny ip from ${iif} to any in via ${oif}
>># Stop spoofing from inside your p
Yup - that would work.
IPFW also has a built-in command that does the same:
$cmd deny ip from any to any not antispoof in
Daemon wrote:
Great!. Thanks. One possibly stupid question. What is the "Deny
Spoof"? Is that like;
# Stop spoofing of your internal network range
# ${fw
At 09:36 10/21/2005, Daemon, wrote:
>Great!. Thanks. One possibly stupid question. What is the "Deny
>Spoof"? Is that like;
># Stop spoofing of your internal network range
># ${fwcmd} add deny ip from ${iif} to any in via ${oif}
># Stop spoofing from inside your private ip range
>#
Great!. Thanks. One possibly stupid question. What is the "Deny
Spoof"? Is that like;
# Stop spoofing of your internal network range
# ${fwcmd} add deny ip from ${iif} to any in via ${oif}
# Stop spoofing from inside your private ip range
# ${fwcmd} add deny ip from not ${iif} to an
Hi,
I found my rules worked best in this order:
(You will need to correct the syntax - just typed up the order for you
quickly)
Deny spoofed
Allow localhost
Allow all from any to any via $iif
divert natd all from any to any in via $oif
#insert bandwidth shaping rules
skipto 5000 all from $iip t
I'm trying to build a firewall from scratch using man ipfw and what I
can find on the net. I'm doing bandwidth shaping and I'm not quite sure
where it goes as far as rule numbers. From what I can see, it matters
and I'd like to do it right. I'm using an OPEN firewall with NATD
because I'm on cab
