From: Fernando Schapachnik
Message-Id: <200010061207.JAA80734@ns1.via-net-works.net.ar>
Subject: Re: IPFILTER Question
In-Reply-To: <39DCED87.C7B7FA0B@allmaui.com> "from Craig Cowen at Oct 5, 2000 09:07:20 pm"
To: Craig Cowen
Date: Fri, 6 Oct 2000 09:07:17 -0300 (ART)
Cc: "freebsd-security@FreeBSD.ORG"

Why don't you put a deny log rule for the outside iface and see what
happens?

Good luck!

In a previous message, Craig Cowen wrote:
>
> I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
> When using ipnat, I have 'pass in on (private interface) from
> 192.168.0.0/24 to any keep state' in my rules.
>
> I have no rules specified for the public interface.
> The boxen behind the firewall can surf.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333