Date:      Tue, 18 Aug 1998 02:30:23 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Arnout Boer <arnout@xs4all.nl>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: PPP filterering problems.. 
Message-ID:  <199808180130.CAA24847@awfulhak.org>
In-Reply-To: Your message of "Mon, 17 Aug 1998 16:10:47 +0200." <19980817161047.52771@xs4all.nl> 

> Hi!
> 
> A couple of weeks ago I grabbed the latest ppp source.
> I installed it and let my FreeBSD server alias for
> the network in the background.... with some puzzling and
> reading that was not much of a problem.
> But the filtering is unclear for me..
> 
> With the following filter almost nothing comes in..
> I don't have a clue and couldn't find an extensive
> filtering explanation so if anybody can help.
> Great...
[.....]
> #   set filter in  0 permit tcp dst eq 113
> #   set filter out 0 permit tcp src eq 113
>    set filter in  1 permit tcp src eq 23 estab
>    set filter out 1 permit tcp dst eq 23
>    set filter in  2 permit tcp src eq 21 estab
>    set filter out 2 permit tcp dst eq 21
>    set filter in  3 permit tcp src eq 20 dst gt 1023
>     set filter out 3 permit tcp dst eq 20
>     set filter in  4 permit udp src eq 53
>     set filter out 4 permit udp dst eq 53
>     set filter in  5 permit icmp
>     set filter out 5 permit icmp
>     set filter in  6 permit udp dst gt 33433
>     set filter out 6 permit udp src gt 33433
>     set filter out 7 permit tcp dst eq 25 
>     set filter in  7 permit tcp src eq 25 estab
>     set filter in  8 permit 0/0 192.168.0.1/24
>     set filter out 8 permit 192.168.0.1/24 0/0
>     set filter in  9 permit udp src eq 22
>     set filter out 9 permit udp dst eq 22
>     set filter out 10 permit tcp dst eq 22
>     set filter in  10 permit tcp src eq 22
>     set filter in  11 permit udp src eq 119 
>     set filter out 11 permit udp dst eq 119 
>     set filter out 12 permit tcp dst eq 119 
>     set filter in  12 permit tcp src eq 119 
>     set filter in  14 permit udp src eq 110 
>     set filter out 14 permit udp dst eq 110 
>     set filter out 15 permit tcp dst eq 110 
>     set filter in  15 permit tcp src eq 110 
>     set filter in  16 permit udp src eq 194 
>     set filter out 16 permit udp dst eq 194 
>     set filter out 18 permit tcp dst eq 194 
>     set filter in  18 permit tcp src eq 194 
>     set filter out 19 permit tcp src eq 80 
>     set filter in  19 permit tcp dst eq 80 
[.....]

From the man page:


         2.   Rule-no is a numeric value between `0' and `19' specifying the
              rule number.  Rules are specified in numeric order according to
              rule-no, but only if rule `0' is defined.
[.....]
     o   Each filter can hold up to 20 rules, starting from rule 0.  The
         entire rule set is not effective until rule 0 is defined, ie. the
         default is to allow everything through.

So, you should be letting just about everything in & out :-I

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....
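
The rule quoted from the man page above can be checked mechanically. The following is an added example, not part of the original message and not code from ppp: a small Python lint that reads `set filter` lines, skips commented ones, and reports any filter whose rule 0 is undefined or whose rule number falls outside 0..19. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample: a ppp.conf fragment shaped like the one quoted above,
# with the rule 0 lines commented out.
SAMPLE = """\
#   set filter in  0 permit tcp dst eq 113
#   set filter out 0 permit tcp src eq 113
    set filter in  1 permit tcp src eq 23 estab
    set filter out 1 permit tcp dst eq 23
    set filter in  5 permit icmp
    set filter out 5 permit icmp
    set filter dial 0 permit 0/0 0/0
    set filter dial 20 permit udp
"""

RULE = re.compile(r"^\s*set\s+filter\s+(\S+)\s+(\d+)\s+(.*)$")
MAX_RULE = 19  # man page: rule-no is between 0 and 19


def parse_rules(text):
    """Return {filter_name: {rule_no: rule_text}}, ignoring commented lines."""
    filters = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = RULE.match(line)
        if m:
            name, num, body = m.group(1), int(m.group(2)), m.group(3).strip()
            filters.setdefault(name, {})[num] = body
    return filters


def audit(text):
    """Return a sorted list of (filter_name, problem) findings."""
    findings = []
    for name, rules in parse_rules(text).items():
        if 0 not in rules:
            findings.append((name, "rule 0 undefined: rule set inactive, everything is allowed"))
        for num in rules:
            if num > MAX_RULE:
                findings.append((name, f"rule {num} is outside 0..{MAX_RULE}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"filter {name}: {problem}")
```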


