Date: Tue, 18 Dec 2001 14:28:30 +0100
From: Martin Heinen <martin@sumuk.de>
To: freebsd-doc@FreeBSD.ORG
Subject: Question 6.3 of 'Dialup firewalling with FreeBSD'
Message-ID: <20011218142830.A6807@sumuk.de>
The answer to question 6.3 in 'Dialup firewalling with FreeBSD' states
that it is impossible to filter RFC-1918 addresses on the outside
interface. OK, it states 'The simple answer is no.', but the article
should provide a long answer.

Possible solutions:

1) Include the relevant section from the 'simple' setup of
   /etc/rc.firewall, that is, first stop RFC-1918 nets on the outside
   interface, then do NAT (divert rule); remove question 6.3.
   Although this is the correct approach (IMHO), this will double the
   size of the firewall rulebase and readers may have difficulty
   following the article.

2) The answer to question 6.3 provides the relevant section of
   /etc/rc.firewall and where to plug it in.

3) We could refer the reader to /etc/rc.firewall, but this seems to
   circumvent the purpose of the article.

If no one objects, I'll send-pr solution 1).

Martin

--
Marxpitn
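The rule ordering that solution 1) refers to, as an added example that is not part of the original message and not copied from /etc/rc.firewall: it prints ipfw commands rather than installing them, and goes slightly beyond the message by also showing the source-address check that follows the divert rule. The function name emit_rules, the variable RFC1918_NETS, the interface tun0 and the exact rule text are assumptions modelled on the 'simple' setup.

```shell
#!/bin/sh
# Added illustration: prints (does not install) ipfw rules in the order
# described for the 'simple' setup: RFC-1918 filtering on the outside
# interface placed around the natd divert rule.
# Assumptions: names, the default "ipfw -q" command and tun0 as interface.

RFC1918_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# emit_rules OIF [FWCMD]
# Writes one ipfw command per line to stdout, in evaluation order.
emit_rules() {
    oif="$1"
    fwcmd="${2:-ipfw -q}"
    if [ -z "$oif" ]; then
        echo "usage: emit_rules <outside-interface> [fwcmd]" >&2
        return 1
    fi

    # 1. Before NAT: an inbound packet still carries its on-the-wire
    #    destination, so a private destination seen on the outside
    #    interface cannot be a legitimate reply to a translated flow.
    for net in $RFC1918_NETS; do
        echo "$fwcmd add deny all from any to $net via $oif"
    done

    # 2. NAT: hand traffic on the outside interface to natd(8).
    echo "$fwcmd add divert natd all from any to any via $oif"

    # 3. After NAT: outbound LAN traffic now has the public source
    #    address, so anything on the outside interface that is still
    #    sourced from private space is spoofed or has leaked past natd.
    for net in $RFC1918_NETS; do
        echo "$fwcmd add deny all from $net to any via $oif"
    done
}

# Dry run for a dial-up link; pipe the output to sh to apply it.
emit_rules "${OIF:-tun0}"
```

Checking destinations before the divert rule and sources after it is what keeps the filter from matching the LAN's own private addresses on packets that natd has not yet, or has already, rewritten.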