From owner-freebsd-security Thu Oct 5 17:23:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 18E2C37B502 for ; Thu, 5 Oct 2000 17:23:31 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id UAA30399 for ; Thu, 5 Oct 2000 20:23:29 -0400
Message-ID: <39DCB90A.A32DC570@allmaui.com>
Date: Thu, 05 Oct 2000 17:23:23 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
To: "freebsd-security@FreeBSD.ORG"
Subject: ipfilter rules question
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.1 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.

-- 
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com
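An explicit, per-interface version of the ruleset the post describes, including the public-interface "pass out ... keep state" rule the post suspects is needed, written out the way a reviewer would want to see it with a default-block kernel. This is an added illustration, not part of the original message; the interface names fxp0 (public) and fxp1 (private), the 192.168.0.0/24 network behind the host named in the post, and the ipnat map rules are assumptions.

```conf
# /etc/ipf.rules (illustrative; interface names and the LAN prefix are assumptions)
# fxp0 = public interface, fxp1 = private interface (192.168.0.0/24)
# With IPFILTER_DEFAULT_BLOCK in the kernel, anything not matched by a
# pass rule is dropped, so every permitted direction is spelled out
# per interface instead of being left implicit.

# Loopback traffic is always allowed.
pass in  quick on lo0 all
pass out quick on lo0 all

# Private side: the LAN may open sessions; the state entry covers the
# replies, so no matching "pass out on fxp1" rule is needed for them.
pass in  quick on fxp1 proto tcp  from 192.168.0.0/24 to any flags S keep state
pass in  quick on fxp1 proto udp  from 192.168.0.0/24 to any keep state
pass in  quick on fxp1 proto icmp from 192.168.0.0/24 to any keep state
block in log quick on fxp1 all

# Public side: an explicit pass out with keep state (this is what the
# post expects to need); nothing unsolicited is accepted from outside.
# ipnat has already rewritten the source address by the time these
# outbound rules are evaluated, hence "from any".
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
block in  log quick on fxp0 all
block out log quick on fxp0 all

# /etc/ipnat.rules: hide the LAN behind the public interface's address
# (0/32 means "use the address of this interface").
map fxp0 192.168.0.0/24 -> 0/32 proto tcp/udp portmap tcp/udp 10000:20000
map fxp0 192.168.0.0/24 -> 0/32
```

The "block ... log" lines make anything that falls through visible in ipmon output, which is the quickest way to see which interface a dropped packet was actually evaluated on.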