Date: Thu, 05 Oct 2000 17:23:23 +0000
From: Craig Cowen <craig@allmaui.com>
To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: ipfilter rules question
Message-ID: <39DCB90A.A32DC570@allmaui.com>

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.1 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.

--
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com
