rinat
February 20th, 2010, 08:45
Hi.
System - FreeBSD 7.0-release
Two interfaces, working as a bridge; for filtering I use ipfw.
msk0 - outer interface, em0 - inner interface.
It worked fine for about a year. But recently I discovered a problem:
I want to block TCP packets from the internet address ххх.ххх.ххх.ххх to port 80 on the local network.
The ipfw rule:
$cmd 00002 deny log tcp from ххх.ххх.ххх.ххх to any 80 in via msk0
or
$cmd 00002 deny log tcp from ххх.ххх.ххх.ххх to any 80 in recv msk0
DON'T WORK
The rule:
$cmd 00002 deny log ip from any 80 to ххх.ххх.ххх.ххх out via msk0
or
$cmd 00002 deny log tcp from ххх.ххх.ххх.ххх to any 80 bridged
WORK.
Why?