Date: Fri, 23 Oct 1998 05:29:47 +1300
From: "Dan Langille" <junkmale@xtra.co.nz>
To: freebsd-security@FreeBSD.ORG
Subject: default rules in rc.firewall cause problem
Message-ID: <199810221629.FAA27065@cyclops.xtra.co.nz>

I've been setting up a firewall using the open model supplied in
/etc/rc.firewall as the basis of our security. I've found that one of the
rules, designed to "# Stop RFC1918 nets on the outside interface" does not
seem to be very useful, at least in my situation.

The rule in question is:

    $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}

The subnet is within the 192.168.*.* range. ed1 is the subnet, and ed0 is
the ISP. In order for any traffic to get outside, I need to modify the
above rule to:

    $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} out

Does this make sense? I suspect the other rules will exhibit the same
characteristics with their respective subnets.

--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810221629.FAA27065>
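
The following is an added example, not part of the original message or of rc.firewall: a small Python model of first-match rule evaluation that compares the two rule variants quoted above. It assumes ed0 is ${oif} and ed1 is the inside interface as in the message, treats a rule with no in/out keyword as matching both directions, and uses constructed packets and hypothetical names throughout.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    iface: str       # interface the packet is crossing
    direction: str   # "in" or "out" relative to that interface

@dataclass
class Rule:
    action: str                       # "deny" or "allow"
    dst_net: str                      # destination network, CIDR form
    via: Optional[str] = None         # interface qualifier, None = any
    direction: Optional[str] = None   # "in", "out", or None = both

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.via is not None and pkt.iface != self.via:
            return False
        # Without an in/out keyword the rule applies in both directions.
        return self.direction is None or pkt.direction == self.direction

def evaluate(rules, pkt, default="allow"):
    """First matching rule wins; the default models the 'open' ruleset."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

OIF, IIF = "ed0", "ed1"   # assumption: interface roles as described in the message
ORIGINAL = [Rule("deny", "192.168.0.0/16", via=OIF)]
MODIFIED = [Rule("deny", "192.168.0.0/16", via=OIF, direction="out")]

# Constructed packets (addresses are illustrative only).
PACKETS = {
    "lan_to_internet_out_oif": Packet("192.168.1.10", "203.0.113.5", OIF, "out"),
    "to_rfc1918_out_oif": Packet("192.168.1.10", "192.168.7.7", OIF, "out"),
    "to_rfc1918_in_oif": Packet("203.0.113.5", "192.168.1.10", OIF, "in"),
    "to_rfc1918_on_iif": Packet("192.168.1.1", "192.168.1.10", IIF, "out"),
}

def compare():
    """Return {packet name: (verdict under ORIGINAL, verdict under MODIFIED)}."""
    return {n: (evaluate(ORIGINAL, p), evaluate(MODIFIED, p)) for n, p in PACKETS.items()}
```

In this model the only packet the two variants treat differently is the one addressed to 192.168.0.0/16 that arrives inbound on the outside interface: the rule without `out` drops it, the rule with `out` lets it through.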