Date:      Thu, 13 Dec 2001 11:04:16 +0100
From:      Peter Wolkerstorfer <a9203537@unet.univie.ac.at>
To:        freebsd-questions@freebsd.org
Subject:   please help on 1(one) ipf rule
Message-ID:  <3C187D20.E1901AD5@unet.univie.ac.at>

dear listmembers,

i would need some help on ipf

problem:

ipf firewall with ipnat won't allow logging in to itself and won't allow
outgoing traffic from itself.

from the intranet (192.168.0.0/8) to the internet all works as i
wanted.

my ipf.rules is:

# i have read this should be better for scans
block return-rst in log quick on rl1 proto tcp all

# i want to block all the rest with this
block in  quick on rl1 all

# this is my not working try of making a ssh-connection to the firewall working
pass in  quick on rl0 proto tcp/udp  from 192.168.0.0/8 to any keep state
pass out quick on rl0 proto tcp/udp  from 192.168.0.0/8 to any keep state

#the rest which seems to work  
pass out quick on rl1 proto tcp  from 192.168.0.0/8 to any keep state
pass out quick on rl1 proto udp  from 192.168.0.0/8 to any keep state
pass out quick on rl1 proto icmp from 192.168.0.0/8 to any keep state

my ipnat.rules is:

map rl1 192.168.0.0/24 -> 0/32

i would now need one ipf rule which at least allows logging in on the
firewall with ssh. it would be better if i could access the net from the
firewall-console, too.

THX in advance
peter "wolki" wolkerstorfer
p.s.: please tell me if i should have asked this in freebsd-security
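A ruleset along the following lines is an added illustration, not text from the original post or from any reply in the thread. It assumes rl0 is the inside interface, rl1 the outside interface, and 192.168.0.0/24 the LAN (the mask the ipnat map on the page uses). It shows the two pieces the question asks for: an explicit, logged SSH rule to the firewall from the LAN, and outbound state rules on rl1 that match any source, so connections the firewall originates itself (which leave rl1 with rl1's own address, not a LAN address) also create state and their replies get past the block rules.

```ipf
# Added illustration, not from the original post or thread.
# Assumptions: rl0 = inside, rl1 = outside, LAN = 192.168.0.0/24.

# Default posture: without 'quick', the last matching rule wins, so these
# only apply when nothing below matches. Log what gets dropped.
block in log all
block out log all

# Leave loopback alone.
pass in quick on lo0 all
pass out quick on lo0 all

# Outside interface: answer stray inbound TCP with a reset (as the post's
# first rule does), drop everything else inbound.
block return-rst in log quick on rl1 proto tcp all
block in log quick on rl1 all

# Inside interface: SSH to the firewall itself, from the LAN only, logged so
# administrative logins leave a trace in ipmon output.
# 'flags S' matches only the opening SYN; 'keep state' then admits the rest
# of that connection in both directions.
pass in log quick on rl0 proto tcp from 192.168.0.0/24 to any port = 22 flags S keep state

# Inside interface: LAN-originated traffic headed for the internet.
pass in quick on rl0 proto tcp from 192.168.0.0/24 to any flags S keep state
pass in quick on rl0 proto udp from 192.168.0.0/24 to any keep state
pass in quick on rl0 proto icmp from 192.168.0.0/24 to any keep state

# Outside interface: connections leaving rl1. 'from any' rather than
# 'from 192.168.0.0/24' also covers the firewall's own connections, whose
# source is rl1's address; the state entry admits their replies.
pass out quick on rl1 proto tcp from any to any flags S keep state
pass out quick on rl1 proto udp from any to any keep state
pass out quick on rl1 proto icmp from any to any keep state

# Inside interface: let the firewall itself reach LAN hosts (DNS, syslog, ...).
pass out quick on rl0 proto tcp from any to 192.168.0.0/24 flags S keep state
pass out quick on rl0 proto udp from any to 192.168.0.0/24 keep state
pass out quick on rl0 proto icmp from any to 192.168.0.0/24 keep state
```

Load it with `ipf -Fa -f /etc/ipf.rules` (flush, then reload) and watch the logged blocks with `ipmon`; a connection that still fails will show up there as a blocked packet with the interface and direction, which tells you which side of the firewall lacks a matching pass or state entry.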

