[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A simple rule

I would like some help in a very simple rule that I am writing, sorry am a newbie to this.

Currently I am running a bridge, and am planning to filter on only one card.
The rule that I want to write is quite simple

- Block In everything
- Allow In ping from internal only, only internal network could ping the machines.
- Allow Out ping to anywhere, internal machines could ping to anywhere on earth.

So far I have this.

#Block everything IN
block in log on fxp1 all

#Let internal to ping IN
pass in log on $int_if inet proto icmp from $Internal to $Internal icmp-type 8 code 0 keep state

#let internal to ping OUT
pass out log on $int_if inet proto icmp from $Internal to any icmp-type 8 code 0 keep state

It works if I ping from external I wouldnt be able to, and if I ping internal (not behind the firewall but same network) it still works.

But from the machine behind the firewall, I am able to ping internal only, not external, what am I writing wrong in those 3 lines?
Basically I want more freedom for the ppl behind the firewall but none to ppl outside.

Thanx in advance, T

Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail