Date: Wed, 30 Aug 2000 01:38:06 +0200
From: Bernhard Valenti
To: freebsd-stable@freebsd.org
Subject: natd & rc.firewall
Message-ID: <20000830013805.A68336@cipher.home.at>

    # For ``simple'' firewall type the divert rule should be put to a
    # different place to not interfere with address-checking rules.
    #
    case ${firewall_type} in
    [Ss][Ii][Mm][Pp][Ll][Ee])
            ;;
    *)
            case ${natd_enable} in
            [Yy][Ee][Ss])
                    if [ -n "${natd_interface}" ]; then
                            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
                    fi
                    ;;
            esac
    esac

this will add the natd rule also if you set ${firewall_type} to a filename. i think that's not good, cause i use natd in the separate ipfw rule file too. ( and i think so do others )

    # the divert rule should be put to a
    # different place to not interfere with address-checking rules.

( this is not possible without modifying rc.firewall, and the reason i use an external ipfw rule file is that i don't have to touch rc.firewall :)

it's not a big deal, but i think it should be changed.

regards,
bernhard valenti
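The behaviour described in the message, as an added shell example that is not part of the original post and not FreeBSD's own code: `divert_quoted` reproduces the quoted `case` logic with `${fwcmd}` replaced by a stub that prints the rule, and `divert_skip_rulefile` is a hypothetical variant that leaves the divert rule to a readable rule file. The function names, the stub, the interface `ed0` and the temporary rule file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not rc.firewall itself. fwcmd is a stub that prints
# the rule instead of calling ipfw, so this runs without a firewall.
fwcmd() { echo "ipfw $*"; }

# Logic as quoted in the message: every firewall_type except "simple"
# gets the divert rule at number 50, a rule-file path included.
divert_quoted() {
    firewall_type=$1; natd_enable=$2; natd_interface=$3
    case ${firewall_type} in
    [Ss][Ii][Mm][Pp][Ll][Ee])
        ;;
    *)
        case ${natd_enable} in
        [Yy][Ee][Ss])
            if [ -n "${natd_interface}" ]; then
                fwcmd add 50 divert natd all from any to any via ${natd_interface}
            fi
            ;;
        esac
    esac
}

# Hypothetical variant: when firewall_type is not a built-in keyword and
# names a readable file, add nothing, so the file decides where its own
# divert rule sits relative to its address-checking rules.
divert_skip_rulefile() {
    case $1 in
    open|client|simple|closed|UNKNOWN)
        ;;
    *)
        if [ -r "$1" ]; then
            return 0
        fi
        ;;
    esac
    divert_quoted "$@"
}

# Constructed sample input: an empty temporary file stands in for a
# custom ipfw rule file; ed0 is a sample interface name.
rulefile=$(mktemp)
echo "quoted logic, rule file:   [$(divert_quoted "$rulefile" YES ed0)]"
echo "variant, rule file:        [$(divert_skip_rulefile "$rulefile" YES ed0)]"
echo "variant, type open:        [$(divert_skip_rulefile open YES ed0)]"
rm -f "$rulefile"
```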