From owner-freebsd-hackers Mon Aug 17 20:01:10 1998
Return-Path: 
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA18407 for freebsd-hackers-outgoing; Mon, 17 Aug 1998 20:01:10 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from awfulhak.org (awfulhak.force9.co.uk [195.166.136.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA18399 for ; Mon, 17 Aug 1998 20:01:05 -0700 (PDT) (envelope-from brian@Awfulhak.org)
Received: from gate.lan.awfulhak.org (brian@localhost [127.0.0.1]) by awfulhak.org (8.8.8/8.8.8) with ESMTP id CAA24847; Tue, 18 Aug 1998 02:30:23 +0100 (BST) (envelope-from brian@gate.lan.awfulhak.org)
Message-Id: <199808180130.CAA24847@awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: Arnout Boer
cc: hackers@FreeBSD.ORG
Subject: Re: PPP filterering problems..
In-reply-to: Your message of "Mon, 17 Aug 1998 16:10:47 +0200." <19980817161047.52771@xs4all.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 18 Aug 1998 02:30:23 +0100
From: Brian Somers
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Hi!
>
> A couple of weeks ago I grabbed the latest ppp source.
> I installed it and let my FreeBSD server alias for
> the network in the background.... with some puzzling and
> reading that was not much of a problem.
> But the filtering is unclear for me..
>
> With the following filter almost nothing comes in..
> I don't have a clue and couldn't find an extensive
> filtering explanation so if anybody can help.
> Great...
[.....]
> # set filter in 0 permit tcp dst eq 113
> # set filter out 0 permit tcp src eq 113
> set filter in 1 permit tcp src eq 23 estab
> set filter out 1 permit tcp dst eq 23
> set filter in 2 permit tcp src eq 21 estab
> set filter out 2 permit tcp dst eq 21
> set filter in 3 permit tcp src eq 20 dst gt 1023
> set filter out 3 permit tcp dst eq 20
> set filter in 4 permit udp src eq 53
> set filter out 4 permit udp dst eq 53
> set filter in 5 permit icmp
> set filter out 5 permit icmp
> set filter in 6 permit udp dst gt 33433
> set filter out 6 permit udp src gt 33433
> set filter out 7 permit tcp dst eq 25
> set filter in 7 permit tcp src eq 25 estab
> set filter in 8 permit 0/0 192.168.0.1/24
> set filter out 8 permit 192.168.0.1/24 0/0
> set filter in 9 permit udp src eq 22
> set filter out 9 permit udp dst eq 22
> set filter out 10 permit tcp dst eq 22
> set filter in 10 permit tcp src eq 22
> set filter in 11 permit udp src eq 119
> set filter out 11 permit udp dst eq 119
> set filter out 12 permit tcp dst eq 119
> set filter in 12 permit tcp src eq 119
> set filter in 14 permit udp src eq 110
> set filter out 14 permit udp dst eq 110
> set filter out 15 permit tcp dst eq 110
> set filter in 15 permit tcp src eq 110
> set filter in 16 permit udp src eq 194
> set filter out 16 permit udp dst eq 194
> set filter out 18 permit tcp dst eq 194
> set filter in 18 permit tcp src eq 194
> set filter out 19 permit tcp src eq 80
> set filter in 19 permit tcp dst eq 80
[.....]

From the man page:

    2. Rule-no is a numeric value between `0' and `19' specifying the
       rule number.  Rules are specified in numeric order according to
       rule-no, but only if rule `0' is defined.

[.....]

    o  Each filter can hold up to 20 rules, starting from rule 0.  The
       entire rule set is not effective until rule 0 is defined, ie. the
       default is to allow everything through.

So, you should be letting just about everything in & out :-I

-- 
Brian
Don't _EVER_ lose your sense of humour....
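To make the man-page rule concrete, here is a small Python emulation of the "rule 0" semantics, written for this archive page; it is an added example, not ppp's own code and not anything posted in the thread. It assumes: only protocol, port comparisons and `estab` are matched (addresses such as `0/0` are ignored); `estab` means a TCP segment with the ACK bit set; and a packet that matches no rule of an active set is dropped (ppp's behaviour as far as I recall, not quoted above).

```python
import re

PROTOS = ("tcp", "udp", "icmp")
OPS = {"eq": lambda a, b: a == b, "lt": lambda a, b: a < b, "gt": lambda a, b: a > b}

def parse_rules(config: str) -> dict:
    """Return {filter_name: {rule_no: rule}} from 'set filter ...' lines.
    '#' lines are comments and define nothing: that is what leaves rule 0 unset."""
    sets: dict = {}
    for line in config.splitlines():
        m = re.match(r"\s*set filter (\w+) (\d+) (permit|deny)\s*(.*)", line)
        if not m:            # blank or commented-out line
            continue
        toks = m[4].split()
        ports = {k: (p[1], int(p[2])) for k in ("src", "dst")   # (op, port)
                 if (p := re.search(rf"\b{k} (eq|lt|gt) (\d+)", m[4]))}
        sets.setdefault(m[1], {})[int(m[2])] = {
            "action": m[3], "proto": toks[0] if toks and toks[0] in PROTOS else None,
            "src": ports.get("src"), "dst": ports.get("dst"), "estab": "estab" in toks}
    return sets

def rule_matches(r: dict, pkt: dict) -> bool:
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    for key, port in (("src", pkt.get("sport")), ("dst", pkt.get("dport"))):
        if r[key] and (port is None or not OPS[r[key][0]](port, r[key][1])):
            return False
    # assumed: 'estab' means a TCP segment with the ACK bit set
    return not r["estab"] or (pkt["proto"] == "tcp" and pkt.get("ack", False))

def decide(rules: dict, pkt: dict) -> tuple:
    """Man-page semantics: no rule 0 => set inactive, everything passes.
    Otherwise rules apply in numeric order; no match => dropped (assumed)."""
    if 0 not in rules:
        return "permit", "rule 0 undefined, filter set inactive"
    for num in sorted(rules):
        if rule_matches(rules[num], pkt):
            return rules[num]["action"], f"rule {num}"
    return "deny", "no rule matched"

# Constructed excerpt of the posted 'in' filter, rule 0 still commented out.
POSTED = """
# set filter in 0 permit tcp dst eq 113
set filter in 1 permit tcp src eq 23 estab
set filter in 4 permit udp src eq 53
"""
FIXED = POSTED.replace("# set", "set")     # same rules, rule 0 now defined
TELNET_SYN = {"proto": "tcp", "sport": 1025, "dport": 23, "ack": False}

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, decide(parse_rules(cfg)["in"], TELNET_SYN))
```

With the posted config an inbound telnet SYN is passed because the whole set is inactive; once rule 0 is defined the same packet is dropped, and only replies matching a numbered rule get through.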