From owner-freebsd-questions  Tue Dec 17  6:52:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DCBFC37B401
	for <freebsd-questions@freebsd.org>; Tue, 17 Dec 2002 06:52:23 -0800 (PST)
Received: from mail.bellavista.cz (mail.bellavista.cz [62.168.44.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 114B843E4A
	for <freebsd-questions@freebsd.org>; Tue, 17 Dec 2002 06:52:23 -0800 (PST)
	(envelope-from neuhauser@bellavista.cz)
Received: from freepuppy.bellavista.cz (freepuppy.bellavista.cz [10.0.0.10])
	by mail.bellavista.cz (Postfix) with ESMTP
	id 92DAF55; Tue, 17 Dec 2002 16:49:18 +0100 (CET)
Received: by freepuppy.bellavista.cz (Postfix, from userid 1001)
	id 7C1F42FDD84; Tue, 17 Dec 2002 15:52:10 +0100 (CET)
Date: Tue, 17 Dec 2002 15:52:10 +0100
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: freebsd-questions <freebsd-questions@freebsd.org>
Cc: Keith Spencer <bsd2000au@yahoo.com.au>
Subject: Re: ipf -> IPFILTER_DEFAULT_BLOCK ...This is not working as predicted! Help?
Message-ID: <20021217145210.GA45336@freepuppy.bellavista.cz>
Mail-Followup-To: freebsd-questions <freebsd-questions@freebsd.org>,
	Keith Spencer <bsd2000au@yahoo.com.au>
References: <20021217122916.61123.qmail@web12002.mail.yahoo.com> <20021217102839.C52840-100000@cactus.fi.uba.ar>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021217102839.C52840-100000@cactus.fi.uba.ar>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

# fgleiser@cactus.fi.uba.ar / 2002-12-17 10:32:40 -0300:
> On Tue, 17 Dec 2002, Keith Spencer wrote:
> > Marty Schlacter is obviously the man. I am following his firewall
> > tute religiously but I am doing something wrong!
> > I have an ipf.rules EXACTLY like his. Works a treat...but only if I
> > remove the kernel ipfilter_default_block option.
> > If it is in there...it blocks way too well.
> > Everything.
> > What is going on here or has Marty got it all wrong?
> 
> Are you using the 'quick' keyword? If you don't, ipf uses a last-match
> checking, and the last rule is 'block all'
> 
> See the IPF HOWTO for details.

    right. the url: http://www.obfuscation.org/ipf/ipf-howto.html

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message