Date: Mon, 6 Jul 1998 02:27:23 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: Dan Langille <junkmale@xtra.co.nz>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: using IPFW as a firewall
Message-ID: <Pine.BSF.3.95.980706021555.11949H-100000@current1.whistle.com>
In-Reply-To: <199807060849.UAA17014@cyclops.xtra.co.nz>
On Mon, 6 Jul 1998, Dan Langille wrote:

> three rules within /etc/rc.firewall must be commented out in order for
> some stuff to work. Can anyone educate me as to why these rules
> prevent ping, news, mail, etc from running on machines on my home
> network? Those sections of rc.firewall appear below.

What's your local topology?

> ---
> # Stop RFC1918 nets on the outside interface
> $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}

oif is the outside interface.. 192.168 addresses should never be seen there.

> # Allow TCP through if setup succeeded
> $fwcmd add pass tcp from any to any established

Allow tcp packets going in any direction if they are not startup packets.

> # Allow setup of any other TCP connection
> $fwcmd add pass tcp from any to any setup

I see it's supposed to be after a rule that blocks incoming setup packets.
This rule accepts; I can't see how removing it helps anything..

> ---
>
> I'm also running natd. Where's the best place to put the rules pertaining
> to natd? e.g. add divert natd all from any to any via ed0
> I can't put them in rc.firewall as natd doesn't seem to be active at that
> time.

doesn't matter.. if natd isn't running they effectively become 'drop' rules until it starts up.

julian

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
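An added example, not from this thread or the FreeBSD project's own rc.firewall: an rc.firewall-style fragment that orders the natd divert, the two RFC1918 checks and the TCP established/setup rules so that outbound LAN traffic is translated before its private source address is checked, and new inbound connections are refused before the general setup rule. Only the interface name ed0 comes from the thread; the rule text, the ICMP policy and the FWCMD/OIF variables are my assumptions, and FWCMD defaults to printing the rules instead of loading them.

```sh
#!/bin/sh
# Added example (not the FreeBSD project's rc.firewall): rule order for an
# ipfw + natd gateway. FWCMD defaults to printing rules; set FWCMD=ipfw to load.
fwcmd="${FWCMD:-echo ipfw}"
oif="${OIF:-ed0}"   # outside interface; ed0 is the one named in the thread

build_rules() {
    $fwcmd -f flush

    # Inbound packets still carry the public destination here, so a private
    # *destination* check is safe before natd and catches leaked/bogus traffic.
    $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}

    # Translate before any rule that looks at the *source* of outbound traffic:
    # a packet leaving the LAN still has its 192.168.x.x source at this point.
    # If natd is not running yet, this rule behaves as a drop until it starts.
    $fwcmd add divert natd all from any to any via ${oif}

    # Private-source check after translation: legitimate outbound packets now
    # carry the public address, so only spoofed or untranslated packets match.
    $fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}

    # Packets of already-established TCP sessions pass in both directions.
    $fwcmd add pass tcp from any to any established

    # Refuse (and log) new TCP connections arriving from outside BEFORE the
    # general setup rule; the setup rule then only admits LAN-originated ones.
    $fwcmd add deny log tcp from any to any in via ${oif} setup
    $fwcmd add pass tcp from any to any setup

    # ICMP types needed for ping and traceroute to work (assumed policy).
    $fwcmd add pass icmp from any to any icmptypes 0,3,8,11
}

# 1-based position of the first generated rule matching a pattern, used to
# check the ordering constraints above against the generated list.
rule_pos() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_rules
```

Swapping the divert and the private-source deny (as in the quoted fragment, where the deny runs first) makes every untranslated outbound LAN packet match the deny on ed0, which is the failure the thread describes.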