From owner-freebsd-stable Mon Mar 26 11:34:07 2001
Date: Sun, 25 Mar 2001 10:28:33 -0800
From: Ron 'The InSaNe One' Rosson
To: Randy Bush
Cc: FreeBSD Stable
Subject: Re: ipf idiot wants to roam
Message-ID: <20010325102833.A67418@lunatic.oneinsane.net>
In-Reply-To: message from randy@psg.com on Sun, Mar 25, 2001 at 10:09:25AM -0800
X-Operating-System: FreeBSD lunatic.oneinsane.net 4.2-STABLE

Randy Bush (randy@psg.com) wrote:
> [ i can find no list for ipf questions. if folk know of one, please tell
> me. ]
>
> installing ipf on a machine which roams and therefore changes both
> interfaces (wi0, ep0, and tun0) and ip addresses. trying to come up
> with an ipf.rules as a first-time ipf user. help appreciated
>
> randy
>

Here is what I use.
# Ruleset taken from http://www.obfuscation.org/ipf/ipf-howto.txt
# Section 7.1
pass in quick on lo0 all
pass out quick on lo0 all
block in log all
block out all
# This allows for AUTH
pass in quick proto tcp from any to any port = 113 flags S/SA keep state
# This allows for FTP
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S/SA keep state
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags

I allow 113 because I tend to IRC a lot. ;-)

TIA

--
------------------------------------------------------------------------------
Ron Rosson                              ... and a UNIX user said ...
The InSaNe One                                    rm -rf *
insane@oneinsane.net                  and all was /dev/null and *void()
------------------------------------------------------------------------------
Give a man a fish and you feed him for a day; teach him to use the Net
and he won't bother you for weeks.
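The same interface-independent pattern, written out as an added example that is not Ron's or Randy's file and not from the ipf howto. It assumes the FreeBSD 4.x ipf syntax used above (last matching rule wins unless marked "quick"), a laptop roaming over wi0, ep0 and tun0, and an FTP client that uses passive mode; the port-20 rule from the original is shown commented out beside the reason it is risky.

```ipf
# Added example: roaming ipf.rules. Only lo0 is named; every other rule
# matches "any", so the file needs no edit when the active interface or
# the IP address changes. Assumes FreeBSD 4.x ipf and passive-mode FTP.

pass in  quick on lo0 all
pass out quick on lo0 all

# Default deny. Neither rule is "quick", so the "quick" pass rules
# below take precedence; inbound drops are logged, outbound are not.
block in  log all
block out all

# ident (113): lets IRC servers finish their lookup instead of timing
# out. If no identd runs, the kernel answers with a RST, which is fine.
pass in quick proto tcp from any to any port = 113 flags S/SA keep state

# WEAK (the original ruleset's FTP rule): any remote host that chooses
# source port 20 may open a connection to every local port in
# 40000-44999. It trusts a source port the other side controls.
#pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S/SA keep state

# CORRECTED: with passive FTP the client opens the data connection
# outbound, so the stateful outbound rules below admit the replies and
# no inbound hole is needed at all (active-mode FTP will not work).

# Stateful outbound: the return half of every connection this host
# starts is admitted from the state table, on whichever interface it
# arrives; "keep frags" lets fragments of those packets through too.
pass out quick proto icmp    from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
```

Reload after editing with `ipf -Fa -f /etc/ipf.rules` (flush all rules, then load the file); the path is an assumption, ipf on FreeBSD 4.x does not fix it.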