From owner-freebsd-questions@FreeBSD.ORG Tue Nov 30 16:00:26 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1AEE516A513 for ; Tue, 30 Nov 2004 16:00:26 +0000 (GMT) Received: from jeremino.homeunix.net (jeremino.xs4all.nl [80.126.224.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id C86A443D55 for ; Tue, 30 Nov 2004 16:00:25 +0000 (GMT) (envelope-from kees@jeremino.homeunix.net) Received: from jeremina.homeunix.net ([10.0.0.5]) by jeremino.homeunix.net with esmtp (Exim 4.42) id 1CZAQS-000PIL-EK for freebsd-questions@freebsd.org; Tue, 30 Nov 2004 17:00:24 +0100 From: Kees Plonsz Organization: not organized To: freebsd-questions@freebsd.org Date: Tue, 30 Nov 2004 17:00:20 +0100 User-Agent: KMail/1.7 References: <20041127215612.GA86416@dogma.freebsd-uk.eu.org> <20041129151407.GA74785@ei.bzerk.org> <20041130143721.GA29674@dogma.freebsd-uk.eu.org> In-Reply-To: <20041130143721.GA29674@dogma.freebsd-uk.eu.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200411301700.20267.kees@jeremino.homeunix.net> Subject: Re: Is this a hole in my firewall? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Nov 2004 16:00:26 -0000 On Tuesday 30 November 2004 15:37, Jonathon McKitrick wrote: > On Mon, Nov 29, 2004 at 04:14:07PM +0100, Ruben de Groot wrote: > : > : allow ip from ${INTERNAL_NET} to any keep-state out xmit tun0 > : > : > : > : where INTERNAL_NET would be e.g. 192.168.0.0/24 > > I was checking out the man page, and I'm a little unclear on whether I want > 'xmit' or 'via' in this rule. Does it make much of a practical difference? If you want to check your firewall with a scan from "nmap", go to: http://jeremino.homeunix.net/portscan.php