Date: Thu, 05 Oct 2000 18:00:43 +0000 From: Craig Cowen <craig@allmaui.com> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: scanner@jurai.net, freebsd-security@FreeBSD.ORG Subject: Re: Default Deny Message-ID: <39DCC1CB.5FDD7F90@allmaui.com> References: <200010060056.LAA11152@cairo.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--------------ABCD0CD1D34BCD2C0E0A3EC7 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Would either of you take a moment from your bantering to answer a question I posted please? I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my kernel. When using ipnat, I have 'pass in on (private interface) from 192.168.0.0/24 to any keep state' in my rules. I have no rules specified for the public interface. The boxen behind the firewall can surf. Is this right and why. Seems to me I have to allow out on the public interface with keep state for it all to work. Darren Reed wrote: > In some mail from scanner@jurai.net, sie said: > > > > On Fri, 6 Oct 2000, Darren Reed wrote: > > > > > You're assuming I have setup access to cvs for FreeBSD for everywhere that > > > I have access/accounts and that it'll still be on my mind when I'm in a > > > position to do so. > > > > You have no boxes with your CVS tree running SSH? > > Read what I said and then think about it rather than sending > off a mindless reply. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Craig Cowen 408-394-6673 Cell craig-pager@allmaui.com --------------ABCD0CD1D34BCD2C0E0A3EC7 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> Would either of you take a moment from your bantering to answer a question I posted please? <p>I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my kernel. <br>When using ipnat, I have 'pass in on (private interface) from 192.168.0.0/24 to any keep state' in my rules. <p>I have no rules specified for the public interface. <br>The boxen behind the firewall can surf. <p>Is this right and why. <p>Seems to me I have to allow out on the public interface with keep state for it all to work. <br> <p>Darren Reed wrote: <blockquote TYPE=CITE>In some mail from scanner@jurai.net, sie said: <br>> <br>> On Fri, 6 Oct 2000, Darren Reed wrote: <br>> <br>> > You're assuming I have setup access to cvs for FreeBSD for everywhere that <br>> > I have access/accounts and that it'll still be on my mind when I'm in a <br>> > position to do so. <br>> <br>> You have no boxes with your CVS tree running SSH? <p>Read what I said and then think about it rather than sending <br>off a mindless reply. <p>To Unsubscribe: send mail to majordomo@FreeBSD.org <br>with "unsubscribe freebsd-security" in the body of the message</blockquote> <pre>-- Craig Cowen 408-394-6673 Cell craig-pager@allmaui.com</pre> </html> --------------ABCD0CD1D34BCD2C0E0A3EC7-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39DCC1CB.5FDD7F90>