Date:      Tue, 28 Jun 2005 02:11:16 +1000
From:      Norberto Meijome <freebsd@meijome.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: IPFILTER Help
Message-ID:  <42C02524.20805@meijome.net>
In-Reply-To: <Pine.GSO.4.58.0506271458550.17911@beatrix>
References:  <BAY20-F1112781016C0CD68474B29A8EE0@phx.gbl> <Pine.GSO.4.58.0506271458550.17911@beatrix>

> 
> One way to resolve this would be to block all SMB/CIFS related traffic
> from reaching *out* of your FreeBSD gateway.
> 

Hi,
One thing to remember which may not be obvious at first - if you simply 
drop the packet, the client will wait till it times out, giving you that 
impression of just hanging/waiting. If, instead, you reject the packet 
with the proper ICMP code, the client will fail right away.

For traffic from your LAN, you may want to reject rather than drop. For 
traffic from WAN, you probably want to drop (why give yourself away?).

Check the excellent ipf howto for details.

http://www.obfuscation.org/ipf/ipf-howto.pdf
http://www.nwo.net/ipf/ipf-howto.html (html format of the pdf)

Cheers,
Beto
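
The reject-on-LAN, drop-on-WAN split described in this message, written as an ipf.rules fragment. This is an added example, not part of the original e-mail. The interface names (xl1 for LAN, xl0 for WAN) and the port list (TCP 139/445, UDP 137/138 for SMB/CIFS) are assumptions, and TCP is answered with a reset (return-rst) rather than an ICMP message.

```conf
# Added example; xl1 = LAN interface, xl0 = WAN interface (both assumed).

# LAN side: actively reject SMB/CIFS so clients fail at once
# instead of waiting for a timeout.
# TCP gets a reset; UDP gets an ICMP port-unreachable that appears
# to come from the destination the client was trying to reach.
block return-rst in quick on xl1 proto tcp from any to any port = 139
block return-rst in quick on xl1 proto tcp from any to any port = 445
block return-icmp-as-dest(port-unr) in quick on xl1 proto udp from any to any port = 137
block return-icmp-as-dest(port-unr) in quick on xl1 proto udp from any to any port = 138

# WAN side: drop silently, sending nothing back to the sender.
block in quick on xl0 proto tcp from any to any port = 139
block in quick on xl0 proto tcp from any to any port = 445
block in quick on xl0 proto udp from any to any port = 137
block in quick on xl0 proto udp from any to any port = 138
```

Adding `log` after the direction keyword (for example `block in log quick on xl0 ...`) records the dropped WAN packets for ipmon without changing what the sender sees.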


