A third from me. Been thinking about this lately.

Mat

Robert Rich wrote:

> I'll second that question!
>
> Angus Jordan wrote:
>
>> Hello all,
>>
>> I sent this message yesterday but didn't get a reply. Perhaps it was
>> missed. I will ask the question again:
>>
>> On my production FreeBSD VPN machine I am running ipfw as the
>> firewall. I have about 6 site-to-site VPNs going in and out of this
>> box. They are all attached to external clients
>> that I don't really want to give total access to my network. I would
>> like to replace this box with m0n0wall.
>>
>> From the documentation on m0n0wall, I've gleaned that you cannot use
>> the firewall to limit access to specific machines if using the IPSEC
>> vpn. This seems strange to me, as I've been doing this for ages.
>>
>> I used the /exec.php page to load the ipfw module, and did some tests
>> of my own. It seems that ipfw can block this access just fine. Is
>> there no way at all of having ipfilter do the same thing? I was using
>> a rule in ipfw such as this:
>>
>> ipfw add allow all from 10.2.1.5 to 10.3.1.7
>> ipfw add deny all from 10.2.0.0/16 to any
>>
>> This seems to block the traffic just fine. Is there a workaround to
>> make ipfilter work like this?
>>
>> Any input is appreciated.
>>
>> Thanks,
>> Angus
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch