Firewalling jail > host and jail <-> jail traffic

I'm using ezjail and IPFW, at least thus far.

So far I have a 10.13.13.0/8 subnet. My gateway is .1, my host server is .2, and my first jail is at .3.

I noticed that from within my jail at .3 I can knock on the outside of .2.

I added this rule to my host but it makes no difference:
add 10032 set 30 deny all from 10.13.13.3 any to me any

What's the correct way to block jail to host traffic?

Down the line I will be adding more jails -- what's the right way to block inter-jail traffic?

Thanks!
 