Date:      Thu, 05 Oct 2000 21:07:20 +0000
From:      Craig Cowen <craig@allmaui.com>
To:        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   IPFILTER Question
Message-ID:  <39DCED87.C7B7FA0B@allmaui.com>

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from
192.168.0.0/24 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state
for it all to work.


--
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com





