Hi.
System - FreeBSD 7.0-release
Two interface, work act as bridge, for filtering i use ipfw.
msk0 - outer interfase, em0 - inner interface.
Work fine about year.But recently i had discovered the problem:
i want to block tcp packets from internet address Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… to local network 80 port.
the ipfw rule:
or
DON'T WORK
the rule :
or
WORK.
why?
System - FreeBSD 7.0-release
Two interface, work act as bridge, for filtering i use ipfw.
msk0 - outer interfase, em0 - inner interface.
Work fine about year.But recently i had discovered the problem:
i want to block tcp packets from internet address Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… to local network 80 port.
the ipfw rule:
Code:
$cmd 00002 deny log tcp from Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… to any 80 in via msk0
Code:
$cmd 00002 deny log tcp from Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… to any 80 in recv msk0DON'T WORK
the rule :
Code:
$cmd 00002 deny log ip from any 80 to Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… out via msk0or
Code:
$cmd 00002 deny log tcp from Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ….Ñ…Ñ…Ñ… to any 80 bridgedWORK.
why?