Date:      Wed, 18 Dec 2002 09:44:37 +1100 (EST)
From:      =?iso-8859-1?q?Keith=20Spencer?= <bsd2000au@yahoo.com.au>
To:        Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
Cc:        fbsd <freebsd-questions@freebsd.org>
Subject:   Re: ipf -> IPFILTER_DEFAULT_BLOCK ...This is not working as predicted! Help?
Message-ID:  <20021217224437.30028.qmail@web12003.mail.yahoo.com>
In-Reply-To: <20021217102839.C52840-100000@cactus.fi.uba.ar>

Fi,
Here is the Schlacter rule set...mine is identical!
But options IPFILTER_DEFAULT_BLOCK blocks everything
always! Machine can't adsl pppoe connect etc etc.
Any clues? Mine is a new 4.7 release P4 845 chipset
machine...
PS rules are at very end of this message.

--- Fernando Gleiser <fgleiser@cactus.fi.uba.ar> wrote:
> On Tue, 17 Dec 2002, Keith Spencer wrote:
>
> > Hi all,
> > Marty Schlacter is obviously the man. I am following
> > his firewall tute religiously but I am doing something
> > wrong!
> > I have an ipf.rules EXACTLY like his. Works a
> > treat...but only if I remove the kernel
> > ipfilter_default_block option.
> > If it is in there...it blocks way too well.
> > Everything.
> > What is going on here or has Marty got it all wrong?
>
> Are you using the 'quick' keyword? If you don't, ipf uses a last-match
> checking, and the last rule is 'block all'
>
> See the IPF HOWTO for details.

+++++++++++ipf.rules++++++++++++++++++++++++++++++

#################################################################
# Inside Interface
#################################################################

#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state
#----------------------------------------------------------------
pass out quick on ed1 proto tcp from any to any keep state
pass out quick on ed1 proto udp from any to any keep state
pass out quick on ed1 proto icmp from any to any keep state
block out quick on ed1 all

#----------------------------------------------------------------
# Allow in all TCP, UDP, and ICMP traffic & keep state
#----------------------------------------------------------------
pass in quick on ed1 proto tcp from any to any keep state
pass in quick on ed1 proto udp from any to any keep state
pass in quick on ed1 proto icmp from any to any keep state
block in quick on ed1 all

#################################################################
# Loopback Interface
#################################################################

#----------------------------------------------------------------
# Allow everything to/from your loopback interface so you
# can ping yourself (e.g. ping localhost)
#----------------------------------------------------------------
pass in quick on lo0 all 
pass out quick on lo0 all 
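
Added example, not part of the original message and not ipf's own code: a toy Python model of the matching Fernando describes (the last matching rule wins unless a rule says quick), run over the posted rules with the kernel default set either way. The interface name tun0 is an assumption standing for any interface the rules do not name, and "keep state" is not modelled.

```python
# Added example: toy model of ipf's match semantics, not ipf's real parser.
# Each rule: (action, direction, quick, interface, proto); proto None = "all".

def posted_rules(quick=True):
    """The posted ipf.rules, transcribed by hand; quick=False drops the keyword."""
    rules = []
    for direction in ("out", "in"):
        for proto in ("tcp", "udp", "icmp"):
            rules.append(("pass", direction, quick, "ed1", proto))
        rules.append(("block", direction, quick, "ed1", None))
    rules.append(("pass", "in", quick, "lo0", None))
    rules.append(("pass", "out", quick, "lo0", None))
    return rules

def decide(rules, direction, iface, proto, default_block):
    """Return 'pass' or 'block' for one packet."""
    # Verdict when no rule matches: 'pass' on a stock kernel,
    # 'block' when built with options IPFILTER_DEFAULT_BLOCK.
    verdict = "block" if default_block else "pass"
    for action, r_dir, quick, r_iface, r_proto in rules:
        if r_dir != direction or r_iface != iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        verdict = action      # without quick, later matches overwrite this
        if quick:
            break             # quick: the first match is final
    return verdict

if __name__ == "__main__":
    for label, rules in (("quick", posted_rules()), ("no quick", posted_rules(False))):
        for iface in ("ed1", "lo0", "tun0"):   # tun0: assumed, not named in the rules
            for default_block in (False, True):
                v = decide(rules, "out", iface, "tcp", default_block)
                print(f"{label:8} {iface:4} default_block={default_block!s:5} -> {v}")
```

In this model the only verdicts that change with the kernel option are those for interfaces no rule names; dropping quick instead flips ed1 traffic to block under either default.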


