Date:      Mon, 14 Jan 2002 00:11:56 -0800
From:      "Crist J . Clark" <cjc@FreeBSD.ORG>
To:        Eric Veraart <eric@monkey-online.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Filtering out problem with IPFilter
Message-ID:  <20020114001156.F24290@blossom.cjclark.org>
In-Reply-To: <3C41A86E.9070909@monkey-online.net>; from eric@monkey-online.net on Sun, Jan 13, 2002 at 04:31:58PM +0100
References:  <3C41A86E.9070909@monkey-online.net>

On Sun, Jan 13, 2002 at 04:31:58PM +0100, Eric Veraart wrote:
> Hello,
> 
> I'm running a FreeBSD 4.4p2-RELEASE gateway here with IPFilter. I 
> noticed that packets coming in from the network can be filtered and 
> blocked, but once they are through I can't filter them with out rules.
> For example;
> I make a rule to pass in all traffic from xl0 to any
> Then I say all traffic out on ep0 is allowed, but on xl1 only a small
> range of addresses can go out. What I notice is that all computers on
> xl0 can go to an address behind xl1. The gateway itself can't go out on
> xl1. It almost seems as if gateway_enable="YES" in rc.conf lets packets
> bypass the out filter. I'm not using NAT.
> This is not a big problem, because I can manage everything through IN 
> rules, it's still strange.

Your description is difficult to understand. Post your rules. But this
is not really on-topic for -stable. Redirecting to -questions.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
