Date: Fri, 29 Sep 2000 09:50:13 +0300
From: Ruslan Ermilov <ru@sunbay.com>
To: Forrest Aldrich <forrie@forrie.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: 4.1.1 rc.firewall
Message-ID: <20000929095013.A19780@sunbay.com>
In-Reply-To: <5.0.0.25.2.20000928134746.00b11eb0@64.20.73.233>; from forrie@forrie.com on Thu, Sep 28, 2000 at 01:48:18PM -0400
References: <5.0.0.25.2.20000928134746.00b11eb0@64.20.73.233>
On Thu, Sep 28, 2000 at 01:48:18PM -0400, Forrest Aldrich wrote:
> Any reason why these rules are repeated (2 times) in /etc/rc.firewall... or
> is it a typo.
>
>
>     # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
>     # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
>     # on the outside interface
>     ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
>     ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
>     ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
>     ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
>     ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
>

They are not repeated twice, they are just broken into two parts,
first before NAT, and second after NAT.

--
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message