Hi Team,
I want to understand the IP firewall rules. Consider the below rule
What this rule will do? What me refers here? Is it IP address of my system that apply firewall rules? Or MAC address of the interface? I am using 4.2 FreeBSD stack. I am trying to deny the packets which doesn't contain the IP and port of my destiantion.
My source IP is 171.21.47.100
My Destination IP is : 171.21.47.128 port:2024
I want to deny the tcp/udp packets which does not contain destination IP? What rule should I use to deny the packets? Already I have tried to configure the flags ACCEPT ,DSTMSK, dstip and port number as well. But the packets are not getting dropped. Can you please help me to achieve the above scenario? What flag I need to set to achieve this?
Please find the code snippet given below which I am assuming will apply the following
rule
To apply the above rule ,below code ll work? I am newbie to Firewall implementation.
Can you please help ?
if any sample code or reference please share it.
Code snippet:
Thanks,
Sathiyaraj
I want to understand the IP firewall rules. Consider the below rule
Code:
ipfw allow tcp/udp from any to meMy source IP is 171.21.47.100
My Destination IP is : 171.21.47.128 port:2024
I want to deny the tcp/udp packets which does not contain destination IP? What rule should I use to deny the packets? Already I have tried to configure the flags ACCEPT ,DSTMSK, dstip and port number as well. But the packets are not getting dropped. Can you please help me to achieve the above scenario? What flag I need to set to achieve this?
Please find the code snippet given below which I am assuming will apply the following
rule
Code:
allow tcp/udp from any to <ip_addr>Can you please help ?
if any sample code or reference please share it.
Code snippet:
Code:
if(sa->sa_family == AF_INET)
{
/* Add the Firewall Rule to allow only tcp packet coming from any to me */
bzero(&default_rule, sizeof default_rule);
//rule number
default_rule.fw_number = ruleno++;
//allow
default_rule.fw_flg |= IP_FW_F_ACCEPT;
default_rule.fw_flg |= IP_FW_F_IN | IP_FW_F_OUT;
//TCP
default_rule.fw_prot = IPPROTO_TCP | IPPROTO_UDP;
default_rule.fw_nports &= ~0xf0;
default_rule.fw_nports |= sain->sin_port << 4; // destination port
//from any to me
default_rule.fw_flg |= IP_FW_F_DME;
default_rule.fw_flg |= IP_FW_F_DMSK;
error = add_entry(&ip_fw_chain, &default_rule);
}Thanks,
Sathiyaraj
Last edited by a moderator:
