From owner-freebsd-security  Fri Mar 10 15:48:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from MailAndNews.com (MailAndNews.com [199.29.68.160])
	by hub.freebsd.org (Postfix) with ESMTP id 1DBD137B926
	for <freebsd-security@freebsd.org>; Fri, 10 Mar 2000 15:48:34 -0800 (PST)
	(envelope-from bens_lists@mailandnews.com)
Received: from sacred.poo.pants [213.1.112.36] (bens_lists@mailandnews.com); Fri, 10 Mar 2000 18:48:24 -0500
X-WM-Posted-At: MailAndNews.com; Fri, 10 Mar 00 18:48:24 -0500
Received: (qmail 97916 invoked from network); 7 Mar 2000 23:10:15 -0000
Received: from lust.poo.pants (192.168.0.1)
  by sacred.poo.pants with SMTP; 7 Mar 2000 23:10:15 -0000
Received: (qmail 1367 invoked by uid 1001); 7 Mar 2000 23:00:58 -0000
Date: Tue, 7 Mar 2000 23:00:57 +0000
From: Ben H <bens_lists@mailandnews.com>
To: freebsd-security@freebsd.org
Subject: Using IPFILTER
Message-ID: <20000307230057.A1357@lust.poo.pants>
Mail-Followup-To: Ben H <bens_lists@mailandnews.com>,
	freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.8i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello all,

i (like im sure many) would like to use IPFILTER (ipf, ipnat) instead
of/aswell as IPFIREWALL (ipf, natd). and i cant get it working.

my KERNEL (well some of it) looks like:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about stuff
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPDIVERT                #divert sockets

options         IPFILTER                #kernel ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPSTEALTH               #support for stealth forwarding


options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST
options         "ICMP_BANDLIM"                  #Limit icmp bandywitdh

ive tried removing IPFIREWALL but it complains about lack of ip services (i
cant remember as i havent tried for a while due to non wanting downtime)

i have all the required programs and sources, i even tried using the
ipf-fil3.x.x.tar.gz but to no avail.

so could someone who is more compentant spare the time to tell me what i
need where to get it going. the rules and things im okay mainly due to
OpenBSD experince...

tankoo 

PS i hope/think this is the correct list..

-- 
Ben,                                       <Bro_evil(at)innocent(dot)com>
"Doing the wrong thing for the right reasons is better than doing 
                                   the right thing for the wrong reasons"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message