From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Aug  7 06:52:29 1996
Received: by mail.jp.freebsd.org (8.7.3+2.6Wbeta5/8.7.3) id GAA05486
	Wed, 7 Aug 1996 06:52:29 +0900 (JST)
Received: by mail.jp.freebsd.org (8.7.3+2.6Wbeta5/8.7.3) with ESMTP id GAA05481
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 7 Aug 1996 06:52:27 +0900 (JST)
Received: from adam.dsp.cl.nec.co.jp by research.gate.nec.co.jp (8.7.5+2.6Wbeta6/950912) with ESMTP id GAA23948; Wed, 7 Aug 1996 06:52:25 +0900 (JST)
Received: from haydn.dsp.cl.nec.co.jp by adam.dsp.cl.nec.co.jp (8.7.5+2.6Wbeta6/CL-960412) with SMTP id GAA08290; Wed, 7 Aug 1996 06:52:17 +0900 (JST)
Message-Id: <199608062152.GAA08290@adam.dsp.cl.nec.co.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-reply-to: Your message of "Mon, 05 Aug 96 00:09:52 JST."
             <199608041509.AAA15875@MAGI.ns.maizuru-ct.ac.jp> 
Date: Wed, 07 Aug 1996 06:55:19 +0900
From: Akihiro Hirano <hirano@DSP.CL.nec.co.jp>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=19]
X-Sequence: FreeBSD-users-jp 3568
Subject: [FreeBSD-users-jp 3568] Re: IP Firewall 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

$BJ?Ln(B@NEC$B$G$9!#(B

# I happen to be from Maizuru...

> > >>              CISCO          FreeBSD
> > >>   NCA5  -------/---------------/------------- my machine
> > >> (Kyoto U.) ISDN    campus net     subnet
> > >>                   202.19.104.?    192.168.0.?
> > >>                   202.19.105.?
> > 
> >   o You need to guarantee that no packets from 192.168.0.? go out
> >     to the Internet. Filtering on the CISCO is one way to do that,
> >     for example; in any case, packets whose source address is
> >     private must not be sent out to the Internet.
> 
> FreeBSD $B$N;~E@$G!"%m!<%+%k$+$i(B 202.19.104.0/24 $B$H(B 202.19.105/24 $B$K$7$+Cf7Q(B
> $B$7$J$$$h$&$K$O$G$-$^$;$s$+!#(B

$B!!(BIPFW$B$r;H$($P!"$G$-$^$9!#$=$N$?$a$K$O!"%+!<%M%k$N(Bconfig$B%U%!%$%k$K(B

	options IPFIREWALL
	options IPFIREWALL_VERBOSE

$B$rF~$l$kI,MW$,$"$j$^$9(B(LINT$B%U%!%$%k$G3NG'$7$F$/$@$5$$!D(B)$B!#$"$H$O!"(Bman
ipfw$B$r=OFI$7$F!"@_Dj$9$l$PNI$$$G$9!#(Bipfw$B%3%^%s%I$N0z?t$O!"(BOS$B$K$h$C$F$3(B
$B$m$3$mJQ$o$C$F$$$k$N$G!"MWCm0U$G$9!#(B2.1.0R$B$@$C$?$i!"B?J,!"(B

	# Initialize
	ipfw flush

	# localhost
	ipfw addfirewall pass all from 127.0.0.1 to 127.0.0.1

	# 202.19.10[45].0 <-> MY-HOST
	ipfw addfirewall pass all from 202.19.104.0/24 to MY-HOST
	ipfw addfirewall pass all from MY-HOST to 202.19.104.0/24
	ipfw addfirewall pass all from 202.19.105.0/24 to MY-HOST
	ipfw addfirewall pass all from MY-HOST to 202.19.105.0/24
	ipfw addfirewall pass all from MY-HOST to 192.168.0.0/24
	ipfw addfirewall pass all from 192.168.0.0/24 to MY-HOST

	# 202.19.10[45].0 <-> 192.168.0.0
	ipfw addfirewall pass all from 202.19.104.0/24 to 192.168.0.0/24
	ipfw addfirewall pass all from 192.168.0.0/24 to 202.19.104.0/24
	ipfw addfirewall pass all from 202.19.105.0/24 to 192.168.0.0/24
	ipfw addfirewall pass all from 192.168.0.0/24 to 202.19.105.0/24

	# Deny everything else
	ipfw addfirewall deny all from 0.0.0.0 to 0.0.0.0

Something like this. It is safest to read the manual at least well enough
to understand what this means before trying it. Note that on 2.1.5R,
instead of

	ipfw addfirewall pass all from 192.168.0.0/24 to MY-HOST

it becomes

	ipfw add [line number] pass all from 192.168.0.0/24 to MY-HOST

like this.

# I am writing this from vague memory, so please check the man page...

> FreeBSD $B$N%U%!%$%"!<%&%)!<%k$C$F#I#P%U%#%k%?%j%s%0$7$F$/$l$J$$$s$G$9$+$M$'!#(B

  So, as shown above, it can...
----
NEC Corporation, Information Media Research Laboratories  Akihiro Hirano
E-mail : hirano@dsp.CL.nec.co.jp
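
As an added example (not part of the original message): a small Python model of the ruleset above in its 2.1.5R numbered form, used to check that nothing sourced from 192.168.0.0/24 is passed toward the Internet. It assumes rules are checked in ascending number order with the first match deciding; the rule numbers, the sample packets and the explicit /0 mask on the final deny are constructed, and the MY-HOST rules are omitted because MY-HOST is a placeholder.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the message's ruleset in the "ipfw add N" form.
# Rule numbers are made up; MY-HOST rules are omitted (placeholder on the page);
# the last rule carries an explicit /0 mask so this model reads it as "every address".
RULESET = """\
100 pass all from 127.0.0.1 to 127.0.0.1
200 pass all from 202.19.104.0/24 to 192.168.0.0/24
300 pass all from 192.168.0.0/24 to 202.19.104.0/24
400 pass all from 202.19.105.0/24 to 192.168.0.0/24
500 pass all from 192.168.0.0/24 to 202.19.105.0/24
900 deny all from 0.0.0.0/0 to 0.0.0.0/0
"""

def parse_rules(text):
    """Parse 'N action all from SRC to DST' lines into tuples sorted by rule number."""
    rules = []
    for line in text.splitlines():
        num, action, _proto, _from, src, _to, dst = line.split()
        rules.append((int(num), action, ip_network(src), ip_network(dst)))
    return sorted(rules, key=lambda rule: rule[0])

def verdict(rules, src, dst):
    """Return (rule number, action) of the first rule matching the packet."""
    s, d = ip_address(src), ip_address(dst)
    for num, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return num, action
    return None, "no-match"

def private_leaks(rules, packets):
    """Packets from 192.168.0.0/24 that the rules pass to a non-campus destination."""
    private = ip_network("192.168.0.0/24")
    allowed = [private, ip_network("202.19.104.0/24"), ip_network("202.19.105.0/24")]
    leaks = []
    for src, dst in packets:
        outside = not any(ip_address(dst) in net for net in allowed)
        passed = verdict(rules, src, dst)[1] == "pass"
        if ip_address(src) in private and outside and passed:
            leaks.append((src, dst))
    return leaks

# Constructed sample packets (source, destination); 198.51.100.7 stands in for an Internet host.
PACKETS = [("192.168.0.5", "202.19.104.10"), ("202.19.105.3", "192.168.0.5"),
           ("192.168.0.5", "198.51.100.7"), ("198.51.100.7", "192.168.0.5")]

if __name__ == "__main__":
    print(private_leaks(parse_rules(RULESET), PACKETS))
```

An empty list means no sample packet with a private source was passed to a destination outside the two campus networks; inserting a broader pass rule ahead of the final deny makes the offending packet show up in the list.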
