
Re: [ezjail] [patch] add ipfw functionality




Say, has anyone had luck using the 'jail prisonID' rule in ipfw?
Example that doesn't work for me:
 ipfw add allow ip from any to any jail 10


Here are some sample rules generated by the patched ezjail-admin I mailed...

02001 0   0 allow ip from any to 10.0.0.113 in // inbound example1.monkeybrains.net
02001 0   0 allow ip from 10.0.0.113 to any out // outbound example1.monkeybrains.net
02002 0   0 allow ip from any to 10.0.0.119 in // inbound hello.monkeybrains.net
02002 0   0 allow ip from 10.0.0.119 to any out // outbound hello.monkeybrains.net
02003 0   0 skipto 3000 ip from any to 10.0.0.118 // inbound world.monkeybrains.net
02003 0   0 skipto 3000 ip from 10.0.0.118 to any out // outbound world.monkeybrains.net
02004 0   0 allow ip from any to 10.0.0.122 in // inbound example2008.monkeybrains.net
02004 0   0 allow ip from 10.0.0.122 to any out // outbound example2008.monkeybrains.net
02005 0   0 skipto 4000 ip from any to 10.0.0.115 // inbound beepbeep.monkeybrains.net
02005 0   0 skipto 4000 ip from 10.0.0.115 to any out // outbound beepbeep.monkeybrains.net
02006 0   0 skipto 4050 ip from any to any
03000 0   0 pipe 1 tcp from any to any established
03010 0   0 pipe 1 tcp from any to any dst-port 80,443 in setup
03020 0   0 pipe 1 udp from any to any dst-port 53 out
03020 0   0 pipe 1 udp from any 53 to any in
03030 0   0 pipe 1 ip from 1.1.9.8 to any in
03030 0   0 pipe 1 ip from any to 1.1.9.8 out
03040 0   0 pipe 1 icmp from any to any icmptypes 0,3,4,8,11,12
03050 0   0 deny icmp from any to any
03060 0   0 deny ip from any to any
04000 0   0 pipe 2 tcp from any to any established
04010 0   0 pipe 2 tcp from any to any dst-port 80,443 in setup
04020 0   0 pipe 2 udp from any to any dst-port 53 out
04020 0   0 pipe 2 udp from any 53 to any in
04030 0   0 deny icmp from any to any
04040 0   0 deny ip from any to any