From owner-freebsd-security  Wed Mar  8 14:52:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailandnews.com (host62-6-92-59.btinternet.com [62.6.92.59])
	by hub.freebsd.org (Postfix) with SMTP id 0033737B5F9
	for <freebsd-security@freebsd.org>; Wed,  8 Mar 2000 14:51:51 -0800 (PST)
	(envelope-from bens_list@mailandnews.com)
Date: Tue, 7 Mar 2000 23:00:57 +0000
From: Ben H <bens_lists@mailandnews.com>
To: freebsd-security@freebsd.org
Subject: Using IPFILTER
Message-ID: <20000307230057.A1357@lust.poo.pants>
Mail-Followup-To: Ben H <bens_lists@mailandnews.com>,
        freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.8i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello all,

i (like im sure many) would like to use IPFILTER (ipf, ipnat) instead
of/aswell as IPFIREWALL (ipf, natd). and i cant get it working.

my KERNEL (well some of it) looks like:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about stuff
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPDIVERT                #divert sockets

options         IPFILTER                #kernel ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPSTEALTH               #support for stealth forwarding


options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST
options         "ICMP_BANDLIM"                  #Limit icmp bandywitdh

ive tried removing IPFIREWALL but it complains about lack of ip services (i
cant remember as i havent tried for a while due to non wanting downtime)

i have all the required programs and sources, i even tried using the
ipf-fil3.x.x.tar.gz but to no avail.

so could someone who is more compentant spare the time to tell me what i
need where to get it going. the rules and things im okay mainly due to
OpenBSD experince...

tankoo

PS i hope/think this is the correct list..

--
Ben,                                       <Bro_evil(at)innocent(dot)com>
"Doing the wrong thing for the right reasons is better than doing
                                   the right thing for the wrong reasons"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message