Date: Wed, 30 Aug 2000 01:38:06 +0200 From: Bernhard Valenti <bernhard.valenti@gmx.net> To: freebsd-stable@freebsd.org Subject: natd & rc.firewall Message-ID: <20000830013805.A68336@cipher.home.at>
next in thread | raw e-mail | index | archive | help
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Ss][Ii][Mm][Pp][Ll][Ee])
;;
*)
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
fi
;;
esac
esac
this will add the natd rule also if you set ${firewall_type} to a filename.
i think thats not good, cause i use natd in the seperate ipfw rule file to.
( and i think so do others )
# the divert rule should be put to a
# different place to not interfere with address-checking rules.
( this is not possible without modifying rc.firewall, and the reason i use an external ipfw rule file is that i dont have to touch rc.firewall :)
its not a big deal, but i think it should be changed.
regards,
bernhard valenti
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000830013805.A68336>