# Firewalling jail > host and jail <-> jail traffic



## fishfox (Apr 15, 2019)

I'm using ezjail and IPFW, at least thus far.

So far I have 10.13.13.0/8 subnet.  My gateway is .1, my host server is .2, and my first jail is at .3

I noticed that from within my jail at .3 I can knock on the outside if .2.

I added this rule to my host but it makes no difference:
`add 10032 set 30 deny all from 10.13.13.3 any to me any`

What's the correct way to block jail to host traffic?

Down the line I will be adding more jails -- what's the right way to block inter-jail traffic?

Thanks!


----------

