# disable proxy, works!
/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 192.168.251.2 81
# enable web-server, works
/sbin/ipfwadm -F -a accept -S e00 -D 192.168.251.2
# disable rest of the world, doesn't work
/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0

Why does the last rule not work, and why is a connection (HTTP) possible via masquerading?

Found the solution:

/sbin/ipfwadm -F -a reject -P tcp -S e00 -D 0.0.0.0/0

The "/0" was missing, so 0.0.0.0 was interpreted as a single computer, not as a network.

Jens Leilich
---
jens.leilich@bbst1.lu.rp.schule.de, http://bbst1.lu.rp.schule.de
BBS Technik I Ludwigshafen, Franz-Zang-Str. 3-7, 67059 Ludwigshafen
Phone +49 621 504-4110 (answering machine)
      +49 621 504-4101 (secretary's office)
Fax   +49 621 504-3789
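
The effect of the missing "/0", as an added example in Python (not part of the original post and not ipfwadm itself): a small first-match evaluator over the three rules from the post. It assumes a default forward policy of accept and that the -S match always succeeds; the test packets are constructed.

```python
import ipaddress

# Rules from the post, in the order they were appended (first match decides).
# Each rule: (action, protocol or None for any, destination spec, port or None).
# The -S source match is left out: it is assumed to match every test packet.
def rules(last_dest):
    return [
        ("reject", "tcp", "192.168.251.2", 81),
        ("accept", None, "192.168.251.2", None),
        ("reject", "tcp", last_dest, None),
    ]

def to_network(spec):
    # A destination without a mask is treated as a single host (/32),
    # which is the behaviour described in the post.
    if "/" not in spec:
        spec += "/32"
    return ipaddress.ip_network(spec)

def verdict(ruleset, proto, dst, port, default="accept"):
    # default="accept" is an assumption about the forward chain policy.
    addr = ipaddress.ip_address(dst)
    for action, r_proto, r_dst, r_port in ruleset:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != port:
            continue
        if addr in to_network(r_dst):
            return action
    return default

# Constructed test packets: (protocol, destination, port)
PACKETS = [
    ("tcp", "192.168.251.2", 81),  # proxy
    ("tcp", "192.168.251.2", 80),  # web server
    ("tcp", "198.51.100.10", 80),  # outside host (documentation address)
]

def evaluate(last_dest):
    rs = rules(last_dest)
    return [verdict(rs, *p) for p in PACKETS]

if __name__ == "__main__":
    for spec in ("0.0.0.0", "0.0.0.0/0"):
        print(spec, evaluate(spec))
```

With "0.0.0.0" the third rule only covers the literal address 0.0.0.0, so the outside packet falls through to the default; with "0.0.0.0/0" it is rejected.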