Date: Wed, 3 Apr 2002 13:04:28 +0200
From: Ramses van Pinxteren <ramses.van.pinxteren@cmg.nl>
To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: IPF and Nat question
Message-ID: <395ABDBC0952D211BB2A00104BB3F93906A1ACE1@nl-amv-mail03.cmg.nl>

Hello question solvers around the world,

I have a problem with my firewall... I think (suspect) there is something
wrong with the ordering of the rules but I am not sure. Can you please take a
look at it and shoot me for the most stupid errors ever made??

The problem I have is when I load the firewall NAT will not work anymore :-(

Does anyone have a suggestion??

#############################
#
# Start firewall by blocking all incoming traffic
#
#############################
block in on xl0 all
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
block in quick on xl0 proto icmp from any to any

# The pass rules...
#allow in FTP
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 20 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 21 flags S keep state keep frags
#allow in SSH
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags
#allow in SMTP
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 25 flags S keep state keep frags
#allow in DNS
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass in quick on xl0 proto udp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
#allow in WEB
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 80 flags S keep state keep frags
#allow in CHAT
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 8000 flags S keep state keep frags

block out on xl0 all
# Only allow TCP, UDP and ICMP traffic out
pass out quick on xl0 proto tcp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto udp from 80.242.225.121/32 to any keep state
pass out quick on xl0 proto icmp from 80.242.225.121/32 to any keep state

#internal interface
pass in quick on rl0 from any to any
pass out quick on rl0 from any to any

#Local loopback
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any

I have compiled my kernel with default blocking enabled.
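
An added example, not part of the original message: a small Python lint run over a subset of the rules quoted above. It reports host addresses that differ from the one most rules on xl0 use, and `flags` matches on rules whose protocol is not TCP. The regular expression and the finding names are assumptions made for this sketch; it covers only the rule shapes that appear in this message, not the full ipf grammar.

```python
import re
from collections import Counter

# Rules copied from the message above (subset, unchanged).
RULES = """\
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 0
block in quick on xl0 proto icmp from any to 80.252.225.121/32 icmp-type 11
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 22 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass in quick on xl0 proto udp from any to 80.242.225.121/32 port = 53 flags S keep state keep frags
pass out quick on xl0 proto tcp from 80.242.225.121/32 to any keep state
"""

# Hypothetical pattern: only the rule forms seen in this message.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?:quick\s+)?on\s+(?P<ifname>\S+)"
    r"(?:\s+proto\s+(?P<proto>\S+))?\s+(?:all|from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+))"
    r"(?P<rest>.*)$")

def parse(text):
    """Yield (line_no, fields) for each rule line; comments and blanks are skipped."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        m = RULE_RE.match(line) if line else None
        if m:
            yield no, m.groupdict()

def lint(text, ifname="xl0"):
    """Return sorted (line_no, finding, detail) tuples for rules on one interface."""
    rules = [(no, r) for no, r in parse(text) if r["ifname"] == ifname]
    findings = []
    # 1. A TCP flag match on a rule for a protocol that carries no TCP flags.
    for no, r in rules:
        if re.search(r"\bflags\b", r["rest"]) and r["proto"] != "tcp":
            findings.append((no, "flags-on-non-tcp", r["proto"]))
    # 2. Host addresses that differ from the one most rules use.
    hosts = [(no, a) for no, r in rules for a in (r["src"], r["dst"])
             if a and a != "any"]
    if hosts:
        usual = Counter(a for _, a in hosts).most_common(1)[0][0]
        findings += [(no, "unusual-address", a) for no, a in hosts if a != usual]
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
```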