Date: Thu, 05 Oct 2000 17:23:23 +0000
From: Craig Cowen <craig@allmaui.com>
To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: ipfilter rules question
Message-ID: <39DCB90A.A32DC570@allmaui.com>

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.1 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.

--
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com