Date: Mon, 6 Nov 2000 23:12:34 +0100 (CET)
From: Maarten van Schie
To: Chris BeHanna
Cc: FreeBSD-Stable
Subject: Re: Strange latency? Was: 4.1.1-Stable
Sender: owner-freebsd-stable@FreeBSD.ORG

> > Hmmm.. I have been playing around with IPFILTER but didn't apply anything.
> > The docs tell IPFILTER accepts anything unless specified otherwise, that
> > implied to me that when and if the IPFILTER options are compiled into
> > kernel you won't notice they are there.. (but obviously they do show?)
>
> Does IPFILTER allow you to flip the default to deny? I use ipfw,

Don't know about the default, but you can of course deny everything.

> and am therefore not that familiar with IPFILTER. Having just gone
> through the exercise of setting up a home LAN this weekend, I'll tell
> you this much: your "prevent others' RFC 1918 nets from leaking in to
> my net" rules should precede your NAT rule, and then should be
> followed by your "prevent my RFC 1918 nets from leaking out to the
> world" rule. You also need to pass packets to and from port 53 to
> allow DNS queries to go out (and their responses to come back). That
> pass rule can follow your "prevent my RFC 1918 nets from leaking out"
> rule.

Sorry, but I do not see the relevance with (or should that be 'to'?) this
thread.

Maarten.
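
The ipfw rule order described in the quoted text, as an added example that is not part of either poster's message. It only prints the rules (nothing is applied) and then checks their order. The interface name ed0, the rule numbers, the use of natd through a divert rule, and the check_order helper are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: dry-run generator for an ipfw NAT-gateway rule order.
# Assumed values (not from the thread): ext_if, rule numbers, natd divert.
ext_if="${ext_if:-ed0}"
rfc1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

ruleset() {
    n=100
    # 1. Before NAT: drop packets arriving from outside with a private source.
    for net in $rfc1918; do
        echo "ipfw add $n deny all from $net to any in via $ext_if"
        n=$((n + 10))
    done
    # 2. NAT: hand traffic on the outside interface to natd.
    echo "ipfw add $n divert natd all from any to any via $ext_if"
    n=$((n + 10))
    # 3. After NAT: a private source still leaving was not translated; drop it.
    for net in $rfc1918; do
        echo "ipfw add $n deny all from $net to any out via $ext_if"
        n=$((n + 10))
    done
    # 4. DNS queries out and responses back (UDP only in this sketch).
    echo "ipfw add $n pass udp from any to any 53 out via $ext_if"
    n=$((n + 10))
    echo "ipfw add $n pass udp from any 53 to any in via $ext_if"
}

# Hypothetical lint: reads rules on stdin, exits 0 only if every inbound
# RFC 1918 deny precedes the divert rule and every outbound one follows it.
check_order() {
    awk '
        / divert /          { nat = NR }
        / deny .* in via /  { if (nat)  bad = 1 }
        / deny .* out via / { if (!nat) bad = 1 }
        END { exit (bad || !nat) }
    '
}

# Print the rules only when the generated order passes the lint.
if ruleset | check_order; then
    ruleset
fi
```

The stateless "from any 53" pass rule admits any inbound UDP packet with source port 53, so treat it as the minimum the quoted advice describes rather than a tight policy.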