Date:      Wed, 09 May 2001 13:10:25 +1000
From:      Gregory Bond <gnb@itga.com.au>
To:        Ian Chilton <ian@ichilton.co.uk>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: IPFW Questions 
Message-ID:  <200105090310.NAA21125@lightning.itga.com.au>
In-Reply-To: Your message of Tue, 08 May 2001 23:55:56 +0100.

> 1) Why are the same rules used twice?

> # Stop RFC1918 nets on the outside interface
> ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}

> # Stop RFC1918 nets on the outside interface
> ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}

They are not the same rules - check closely.

The first stops all packets from outside destined for 10.x addresses.  The
second stops all packets on the outside net from 10.x addresses (incoming or
outgoing).  NATD has to happen between these two rules in case the user has
10.x addresses on their inside net.
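The ordering point above can be seen by stepping through ipfw's first-match evaluation. The following is an added example written for this page, not code from the thread or from FreeBSD's rc.firewall or natd: a toy evaluator for the two quoted deny rules plus a `divert natd` rule assumed to sit between them. The outside interface name `fxp0`, the public address `203.0.113.10`, the inside host `10.0.0.5` and the remote peer `198.51.100.7` are all constructed values, and a default-deny last rule is assumed.

```python
"""Toy first-match walk over the RFC1918 rules discussed above.
Added example, not FreeBSD code; all addresses and names are constructed."""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
RFC1918_10 = ip_network("10.0.0.0/8")
OIF = "fxp0"                          # assumed outside interface (${oif})
PUBLIC = ip_address("203.0.113.10")   # assumed public address natd aliases to


class ToyNatd:
    """Minimal stand-in for natd: rewrites private sources on the way out,
    remembers the peer, and maps the reply's destination back on the way in."""

    def __init__(self):
        self.table = {}  # remote address -> inside host it is talking to

    def translate(self, pkt):
        src, dst, iface, direction = pkt
        if direction == "out" and src in RFC1918_10:
            self.table[dst] = src
            return (PUBLIC, dst, iface, direction)
        if direction == "in" and dst == PUBLIC and src in self.table:
            return (src, self.table[src], iface, direction)
        return pkt


# Rules as (action, src_net, dst_net, via); the two deny lines mirror the ipfw
# rules quoted above, the divert line is the assumed natd hook between them.
DENY_TO_10   = ("deny",   ANY,        RFC1918_10, OIF)   # deny all from any to 10/8 via oif
DIVERT_NATD  = ("divert", ANY,        ANY,        OIF)   # divert natd all from any to any via oif
DENY_FROM_10 = ("deny",   RFC1918_10, ANY,        OIF)   # deny all from 10/8 to any via oif
ALLOW_REST   = ("allow",  ANY,        ANY,        None)

RC_FIREWALL_ORDER = [DENY_TO_10, DIVERT_NATD, DENY_FROM_10, ALLOW_REST]
BROKEN_ORDER      = [DENY_TO_10, DENY_FROM_10, DIVERT_NATD, ALLOW_REST]


def evaluate(rules, natd, pkt):
    """First-match walk like ipfw: divert rewrites the packet and continues,
    deny/allow terminate. Returns (verdict, packet as it leaves the firewall)."""
    for action, src_net, dst_net, via in rules:
        src, dst, iface, _direction = pkt
        if src not in src_net or dst not in dst_net:
            continue
        if via is not None and via != iface:
            continue
        if action == "divert":
            pkt = natd.translate(pkt)
            continue
        return action, pkt
    return "deny", pkt  # assumed default-deny kernel (no IPFIREWALL_DEFAULT_TO_ACCEPT)


def packet(src, dst, direction, iface=OIF):
    return (ip_address(src), ip_address(dst), iface, direction)


def walk(rules):
    """Run one outbound connection from an inside 10.x host, its reply, and two
    outside packets that must be dropped; return verdicts keyed by scenario."""
    natd = ToyNatd()
    out_v, out_p = evaluate(rules, natd, packet("10.0.0.5", "198.51.100.7", "out"))
    in_v, in_p = evaluate(rules, natd, packet("198.51.100.7", "203.0.113.10", "in"))
    spoof_dst_v, _ = evaluate(rules, natd, packet("198.51.100.7", "10.0.0.5", "in"))
    spoof_src_v, _ = evaluate(rules, natd, packet("10.1.2.3", "203.0.113.10", "in"))
    return {
        "inside host to internet": (out_v, str(out_p[0])),
        "reply back to inside host": (in_v, str(in_p[1])),
        "outside packet aimed at 10/8": spoof_dst_v,
        "outside packet claiming a 10/8 source": spoof_src_v,
    }


if __name__ == "__main__":
    for name, rules in (("rc.firewall order", RC_FIREWALL_ORDER),
                        ("both denies before natd", BROKEN_ORDER)):
        print(name, walk(rules))
```

With the divert between the two denies, the inside host's packet leaves with the public source address (so the second rule never sees a 10.x source), the reply is un-translated back to 10.0.0.5 after it has already passed the first rule, and packets from outside that are aimed at 10/8 or claim a 10/8 source are still dropped. Move both denies ahead of the divert and the inside host's traffic is dropped by the second rule before natd can rewrite it.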
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105090310.NAA21125>