User manual
Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE 183 Operational User Manual
All subnets of an inner network, including the host address innerhost, belong to one network (or a network group). Suppose the outer network has no hosts within the address range assigned to the inner network. Then every packet that arrives via the rf5.0 interface of the device running the firewall and carries a source address from the inner network's range cannot be legitimate and must be blocked. The following command performs this action:
ipfw add rf5.0 reject all from innerhost/16 to 0/0
Compared to all previous examples, this filter is applied only to packets that arrive through the rf5.0 interface. Packets arriving through any other interface will not be blocked (in the example the inner network has class B addresses).
As an additional security measure it makes sense to block all packets whose source address is in the loopback network (127.0.0.0), since no real host on the air interface can legitimately use it:
ipfw add rf5.0 reject all from 127.0.0.0/8 to 0/0
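The following is an added illustration, not code from the manual or from the device firmware: a small evaluator for the ipfw rule form used above, run against constructed packets to show which ones the two anti-spoofing rules reject. It assumes first-match semantics with a default of accept, and uses 10.20.30.40 as a stand-in for innerhost; those are assumptions, not documented device behaviour.

```python
import ipaddress
from dataclasses import dataclass

# Rule form handled (as in the manual's examples):
#   ipfw add <iface> <action> <proto> from <src>[/<bits>] to <dst>[/<bits>]
# Assumption: rules are walked in order, the first match decides, and a
# packet matching no rule is accepted.

@dataclass
class Rule:
    iface: str
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _net(spec):
    # "0/0" means any address; "host/16" keeps only the network part of host
    addr, _, bits = spec.partition("/")
    if addr == "0":
        addr = "0.0.0.0"
    return ipaddress.IPv4Network((addr, int(bits) if bits else 32), strict=False)

def parse_rule(text):
    tok = text.split()
    if tok[:2] != ["ipfw", "add"] or len(tok) != 9 or tok[5] != "from" or tok[7] != "to":
        raise ValueError("unsupported rule: " + text)
    return Rule(tok[2], tok[3], tok[4], _net(tok[6]), _net(tok[8]))

def decide(rules, iface, proto, src, dst):
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for r in rules:
        if r.iface == iface and r.proto in ("all", proto) and s in r.src and d in r.dst:
            return r.action
    return "accept"

INNER_HOST = "10.20.30.40"  # constructed stand-in for the manual's innerhost
RULES = [parse_rule(f"ipfw add rf5.0 reject all from {INNER_HOST}/16 to 0/0"),
         parse_rule("ipfw add rf5.0 reject all from 127.0.0.0/8 to 0/0")]

if __name__ == "__main__":
    # Constructed packets: (interface, protocol, source, destination)
    for pkt in [("rf5.0", "tcp", "10.20.99.1", "192.0.2.10"),   # spoofed inner src
                ("eth0", "tcp", "10.20.99.1", "192.0.2.10"),    # other interface
                ("rf5.0", "udp", "127.0.0.1", "192.0.2.10"),    # loopback src
                ("rf5.0", "tcp", "198.51.100.7", INNER_HOST)]:  # genuine outside
        print(pkt, "->", decide(RULES, *pkt))
```

The second packet shows the point made in the text: the same spoofed source address is not blocked when it arrives on an interface other than rf5.0.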
Filtering TCP connections
TCP/IP clients normally use port numbers between 900 and 5000 inclusive,
leaving port numbers below 900 and above 5000 for servers. The following pair of
filters will bar access to your servers for any outside clients (assuming that all
Figure 4-9: IP Spoofing