Date: Mon, 6 Nov 2000 23:12:34 +0100 (CET)
From: Maarten van Schie <AnEra@dds.nl>
To: Chris BeHanna <behanna@zbzoom.net>
Cc: FreeBSD-Stable <stable@FreeBSD.ORG>
Subject: Re: Strange latency? Was: 4.1.1-Stable
Message-ID: <Pine.BSF.4.21.0011062308180.271-100000@oT.o8.com>
In-Reply-To: <Pine.BSF.4.21.0011061136160.39924-100000@topperwein.dyndns.org>

> > Hmmm.. I have been playing around with IPFILTER but didn't apply anything.
> > The docs tell IPFILTER accepts anything unless specified otherwise, that
> > implied to me that when and if the IPFILTER options are compiled into
> > kernel you won't notice they are there.. (but obviously they do show?)
>
> Does IPFILTER allow you to flip the default to deny? I use ipfw,

Don't know about the default, but you can of course deny everything.

> and am therefore not that familiar with IPFILTER. Having just gone
> through the exercise of setting up a home LAN this weekend, I'll tell
> you this much: your "prevent others' RFC 1918 nets from leaking in to
> my net" rules should precede your NAT rule, and then should be
> followed by your "prevent my RFC 1918 nets from leaking out to the
> world" rule. You also need to pass packets to and from port 53 to
> allow DNS queries to go out (and their responses to come back). That
> pass rule can follow your "prevent my RFC 1918 nets from leaking out"
> rule.

Sorry, but I do not see the relevance with (or should that be 'to'?) this
thread.

Maarten.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
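
The rule ordering described in the quoted advice above, written out as an ipfw rule file generator. This is an added example, not part of the original message or thread; the interface name `ed0`, the rule numbers, the use of natd on the `natd` divert port and the stateless UDP-only DNS rules are assumptions.

```shell
#!/bin/sh
# Added example: prints an ipfw rule file in the order the quoted advice gives.
# Assumed (not from the thread): interface name, rule numbers, natd as the
# NAT daemon, stateless UDP-only DNS rules.

# The three private address blocks defined by RFC 1918.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

ruleset() {
    oif="$1"    # outside (Internet-facing) interface, e.g. ed0

    # 1. Before NAT: drop packets arriving from outside that claim a
    #    private source address ("others' RFC 1918 nets leaking in").
    n=1000
    for net in $RFC1918; do
        echo "add $n deny ip from $net to any in via $oif"
        n=$((n + 10))
    done

    # 2. NAT: hand traffic crossing the outside interface to natd.
    #    Rewritten packets resume at the rule after this one.
    echo "add 2000 divert natd ip from any to any via $oif"

    # 3. After NAT: an outbound packet that still has a private source
    #    was not translated ("my RFC 1918 nets leaking out"), so drop it.
    n=3000
    for net in $RFC1918; do
        echo "add $n deny ip from $net to any out via $oif"
        n=$((n + 10))
    done

    # 4. DNS: queries out to port 53 and their responses back in.
    echo "add 4000 allow udp from any to any 53 out via $oif"
    echo "add 4010 allow udp from any 53 to any in via $oif"

    # Anything not matched above falls through to whatever rules follow,
    # and finally to the kernel's default rule.
}

# Print the rule file for the interface given as $1 (default: ed0).
ruleset "${1:-ed0}"
```

Swapping steps 2 and 3 would drop every LAN packet before natd could rewrite its source address, which is why the outbound RFC 1918 rule has to come after the divert rule.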