Date:      Wed, 30 Aug 2000 01:38:06 +0200
From:      Bernhard Valenti <bernhard.valenti@gmx.net>
To:        freebsd-stable@freebsd.org
Subject:   natd & rc.firewall
Message-ID:  <20000830013805.A68336@cipher.home.at>

# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
# 
case ${firewall_type} in
[Ss][Ii][Mm][Pp][Ll][Ee])
        ;;
*)
        case ${natd_enable} in
        [Yy][Ee][Ss])
                if [ -n "${natd_interface}" ]; then
                        ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
                fi
                ;;
        esac
esac


this will add the natd rule also if you set ${firewall_type} to a filename.
i think that's not good, cause i use natd in the separate ipfw rule file too.
( and i think so do others )

# the divert rule should be put to a
# different place to not interfere with address-checking rules.

( this is not possible without modifying rc.firewall, and the reason i use an external ipfw rule file is that i don't have to touch rc.firewall :)

it's not a big deal, but i think it should be changed.

regards,
bernhard valenti
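
The behaviour described in the message above, as an added shell example that is not part of the original e-mail or of rc.firewall: the first function reproduces the quoted decision without calling ipfw, the second is one possible variant that leaves the divert rule to a custom rule file. The function names, the interface name `ed0` and the readable-file test are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; not the code shipped in rc.firewall.
# Each function prints "add" when the divert rule would be installed
# and "skip" otherwise, instead of invoking ipfw.
# Arguments: firewall_type, natd_enable, natd_interface.

# Decision as quoted in the message: every firewall_type other than
# "simple" gets the divert rule, including a path to a rule file.
divert_decision_quoted() {
    case $1 in
    [Ss][Ii][Mm][Pp][Ll][Ee])
        echo skip; return ;;
    esac
    case $2 in
    [Yy][Ee][Ss])
        if [ -n "$3" ]; then echo add; return; fi ;;
    esac
    echo skip
}

# Hypothetical variant: a firewall_type that names a readable file is
# assumed to be a custom ruleset that places its own divert rule, so
# no rule is added for it and rule ordering stays with the file's author.
divert_decision_file_aware() {
    case $1 in
    [Ss][Ii][Mm][Pp][Ll][Ee])
        echo skip; return ;;
    esac
    if [ -r "$1" ]; then echo skip; return; fi
    divert_decision_quoted "$@"
}

# Constructed demonstration: an empty temporary file stands in for the
# external ipfw rule file.
demo() {
    rules=$(mktemp) || return 1
    for ftype in open simple "$rules"; do
        printf '%-28s quoted=%-4s file_aware=%s\n' "$ftype" \
            "$(divert_decision_quoted "$ftype" YES ed0)" \
            "$(divert_decision_file_aware "$ftype" YES ed0)"
    done
    rm -f "$rules"
}
demo
```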

