Date: Tue, 25 Jul 2000 16:37:24 -0700 (PDT)
From: Mike Hoskins
To: Stephen Montgomery-Smith
Cc: "Rodney W. Grimes", freebsd-security@FreeBSD.ORG
Subject: Re: Problems with natd and simple firewall

On Tue, 25 Jul 2000, Mike Hoskins wrote:

> And, along those lines... Comments on the following, please. It attempts
> to mimic 'simple' as closely as possible and use compatible terminology
> for ease of comparison.

> + ${fwcmd} add allow ip from ${oip} to any keep-state
> + ${fwcmd} add allow ip from ${inet}:{$imask} to any keep-state

Except for using 'allow' instead of rc.firewall's 'pass'. Oops. Well,
except for that, any change suggestions? If not, could this be added?

-mrh
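
Review bot: In the second added rule, `${inet}:{$imask}` has the dollar sign and opening brace transposed. The shell expands `{$imask}` to the mask value wrapped in literal braces, so the address argument passed to `${fwcmd}` is not a valid network:mask pair and the rule for the inside network will not be added as intended. It should read `${inet}:${imask}`, matching the `${oip}` and `${fwcmd}` expansions used on the same lines.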