A simple rule
I would like some help with a very simple rule that I am writing; sorry, I am a
newbie to this.
Currently I am running a bridge, and am planning to filter on only one card.
The rule that I want to write is quite simple:
- Block In everything
- Allow In ping from internal only, only internal network could ping the
- Allow Out ping to anywhere, internal machines could ping to anywhere on
So far I have this.
#Block everything IN
block in log on fxp1 all
#Let internal to ping IN
pass in log on $int_if inet proto icmp from $Internal to $Internal icmp-type 8 code 0 keep state
#let internal to ping OUT
pass out log on $int_if inet proto icmp from $Internal to any icmp-type 8 code 0 keep state
It works: if I ping from external I wouldn't be able to, and if I ping
internal (not behind the firewall but same network) it still works.
But from the machine behind the firewall, I am able to ping internal only,
not external. What am I writing wrong in those 3 lines?
Basically I want more freedom for the people behind the firewall but none to
Thanx in advance,
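
Added illustration, not part of the original post: a small Python model of how pf evaluates the three rules above for the first packet of a flow (without "quick" the last matching rule wins, an unmatched packet passes, and "in"/"out" are relative to the filtered interface). It assumes $int_if is fxp1; the 192.168.1.0/24 value for $Internal and all sample addresses are constructed.

```python
import ipaddress

# Constructed value standing in for $Internal; assumption: $int_if is fxp1,
# the single bridge member interface being filtered.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# The three rules from the post, in file order:
# (action, direction, source net, destination net, matches ICMP echo request only)
RULES = [
    ("block", "in",  ANY,      ANY,      False),
    ("pass",  "in",  INTERNAL, INTERNAL, True),
    ("pass",  "out", INTERNAL, ANY,      True),
]

def verdict(direction, src, dst, echo_request=True):
    """Verdict for a flow's first packet crossing fxp1 in the given direction.

    Replies to a passed echo request are not modelled: 'keep state' lets
    them through without consulting the rules again.
    """
    result = "pass"  # pf's implicit default when no rule matches
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_dir, src_net, dst_net, echo_only in RULES:
        if rule_dir != direction:
            continue
        if echo_only and not echo_request:
            continue
        if s in src_net and d in dst_net:
            result = action  # no 'quick', so keep evaluating; last match wins
    return result

if __name__ == "__main__":
    # Constructed sample packets: two internal hosts and one outside address.
    samples = [
        ("in",  "192.168.1.10", "192.168.1.20"),
        ("in",  "192.168.1.10", "203.0.113.7"),
        ("out", "192.168.1.10", "203.0.113.7"),
        ("in",  "203.0.113.7",  "192.168.1.10"),
        ("out", "203.0.113.7",  "192.168.1.10"),
    ]
    for direction, src, dst in samples:
        print(f"{direction:3} on fxp1  {src:>13} -> {dst:<13} {verdict(direction, src, dst)}")
```

An echo request to an outside address is passed only when it crosses fxp1 in the "out" direction, and nothing in the ruleset blocks other traffic leaving through fxp1.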