Berkeley CSUA MOTD:Entry 12105
2018/03/18 [General] UID:1000 Activity:popular

2004/2/5 [Computer/Networking, Computer/SW/WWW/Browsers, Computer/SW/Security] UID:12105 Activity:nil
2/4     Since ipfw rules do not care which program is making the outbound
        access, how do I block, say all outgoing traffic except that generated
        by ssh and mozilla?
        \_ That's not really what ipfw does.  Block all outbound traffic
           destined for ports other than 80, 443 and 22.
           \_ Okay, is there a way to block based on program name in FreeBSD?
              (I heard ZoneAlarm Pro does that, but it only runs on windows?)
              \- there are some sort of hairy ways to do this with
                 fbsd involving complicated jail setups. with linux i suppose
                 you can try grsecurity. solaris-next is supposed to have much
                 finer-grain control but i'm not the best person here to talk
                 about that. what about traffic generated by say your resolver
                 routines? --psb
                 \_ ob"we don't need no stinkin resolver routines!"
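
Added example, not part of the original thread: the port-based egress policy suggested above (outbound only to 22, 80 and 443) written as an ipfw script, with the resolver traffic psb asks about allowed explicitly. The rule numbers, DNS on port 53, the FW_UID variable and the dry-run default are assumptions of this sketch; ipfw cannot match on program name, but its uid rule option can narrow a rule to packets owned by one local user.

```sh
#!/bin/sh
# Added example (not from the thread): default-deny egress with ipfw.
# Dry run by default: commands are printed, not executed.
# Set IPFW=/sbin/ipfw to apply them on a FreeBSD host.
IPFW="${IPFW:-echo ipfw}"

# Destination ports named in the thread: ssh, http, https.
ALLOWED_TCP="22,80,443"

build_rules() {
    # Start from an empty ruleset.
    $IPFW -q -f flush

    # Loopback is always allowed; replies to tracked flows match here.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 check-state

    # Outbound TCP to the allowed ports only. If FW_UID is set
    # (hypothetical variable), the rule is further limited to
    # sockets owned by that local user.
    $IPFW add 300 allow tcp from me to any $ALLOWED_TCP out \
        ${FW_UID:+uid $FW_UID} setup keep-state

    # Resolver traffic: without these, name lookups for the
    # allowed programs fail even though their ports are open.
    $IPFW add 310 allow udp from me to any 53 out keep-state
    $IPFW add 320 allow tcp from me to any 53 out setup keep-state

    # Everything else is dropped and logged for review.
    $IPFW add 65000 deny log ip from any to any
}

build_rules
```

Review the dry-run output before setting IPFW to the real binary, since the flush plus the final deny rule will cut off any remote session that is not covered by rule 300.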

You may also be interested in these entries...
2005/1/14-17 [Computer/Networking] UID:35720 Activity:nil
1/14    I am trying to use DI-604 as a firewall but it comes with zero doc.
        about ipfw rules.  The firewall rules have only one port specification.
        Does it refer to the wan or lan?  Are the rules stateful or static?
2004/12/28-29 [Computer/Networking] UID:35459 Activity:low
12/28   How can I find out the IP addresses of the machine that a program is
        running on? I know one way is just to gethostname() and then do a
        gethostbyname() on that. But that relies on the resolver. Ideally,
        I'd like to do it the way 'ifconfig' does it (which AFAICT doesn't
        rely on the resolver), but I haven't been able to track down yet
        exactly how it does it. Thanks.
2004/12/2-4 [Computer/Networking] UID:35157 Activity:moderate
12/2    I used the "ShieldUp" website to probe my Mac and it shows that port 0
        and 1 are replying to outside query to say they are closed instead of
        just playing deaf like the other lower ports do.  I did not single
        out port 0 and 1 in the ipfw rules I use.  What rules should I use to
        close this loophole?
        \_ First off, don't use random pages like that, as Steve Gibson is
2004/5/9-10 [Computer/Networking, Computer/SW/OS/FreeBSD] UID:30119 Activity:moderate
5/9     Sometimes I need to upload large files on my 1500k/192k aDSL. This
        totally kills my Internet usability. Is there any uber cool BSD/Darwin
        tool that will let me throttle a particular socket? If I could just
        limit my FTP to something like 128k... tnx
        \_ rsync --bwlimit=KBPS ...
        \_ man ipfw
2003/9/4 [Computer/SW/OS/FreeBSD] UID:10072 Activity:nil
9/4     Does anyone know whether there's a way to use interface names
        in an ipfilter/ipnat configuration, as opposed to an interface's IP
        address?  -John
        \_ With ipfw there was, and I think ipf has a way to.  Must dig some.
           ... with pf (openbsd) it is very simple.
2003/6/27 [Computer/SW/OS/Linux] UID:28849 Activity:high
6/26    This command is hanging on my RH linux box:
        ping -c 1 -t 1
        It doesn't hang from here on timeout.   What should i do?
        \_ you are setting your TTL to 1 hop? why would you do that?
           you are basically saying "if you have to go through more than
           1 router, die.." and im sure yahoo is at least 5 hops away.
2002/2/21-22 [Computer/HW/CPU] UID:23938 Activity:high
2/21    reposting my question.  Is it possible to filter gige traffic
        with freebsd on x86?  Can the fastest pentium out there do that?
        I'm talking about running ipfw or ACLs.  Please do not turn this
        question into a troll on linux vs freebsd.  Thanks.
        \_ Processor speed is definitely not your problem.  I think you may
           run into problems where gige would overwhelm the PCI bus.  Not
2001/12/11-12 [Computer/Networking] UID:23208 Activity:moderate
12/07   I'm a big lazy wimp who has been spoiled by the nice easy
        GUI that comes with Firewall one.  Anyone know a nice
        easy gui frontend for managing netfilter/ipfw rules?
        \_ vi
        \_ \
2001/10/19-20 [Computer/Networking, Computer/SW/OS/FreeBSD] UID:22779 Activity:very high
10/19   Home Gateway recommendations wanted. I am thinking of getting
        a NetGear RP114. I use Pacbell DSL (dhcp not static ip). Any
        pros/cons to using this model? Is there a better one within
        the same price range? (approx $120). thanks.
        \_ I use a Linksys for around $98.  It has firewall, IPSEC
           support, 10/100 support.  No "parental control" though.
2001/2/26-27 [Computer/Networking] UID:20703 Activity:very high
2/26    Is it possible to use ipfw in *BSD to let users do FTP gets but not
        FTP puts?  I'm being asked to let people get stuff from the internet
        but not let them send anything out.  If ipfw can't do it, how about a
        commercial firewall like Cisco PIX or Checkpoint?  Thanks.
           \_ Checkpoint can't. I don't know about PIX, it might have
              tcp payload inspection.