Date: Tue, 29 Feb 2000 21:12:14 -0700 (MST)
From: Steve Jorgensen <steve@khoral.com>
To: questions@freebsd.org
Subject: packet filtering from ppp
Message-ID: <200003010412.VAA18392@zen.alb.khoral.com>

I have a little 16 IP number net, that is connected to the internet via the user ppp on the gateway machine. I'm running on a FreeBSD 3.4-STABLE machine last cvsup'ed about a month ago.

Since I have real IP numbers, I'm NOT using the -nat options to ppp, but I would like to use the set filter syntax to protect myself from prying external programs (in fact, I've been getting probed on my samba port for the last couple of weeks from various external ip numbers).

Anyway, I set up my rules based on instructions I found in the ppp tutorial at http://www.freebsd.org/tutorials/ppp/x870.html, but I can't seem to get things to work right. The example shown indicates that only the specified services will be allowed to operate through the tun device, and all other packets will be blocked. However, when I run it, it either lets everything through or disallows any new external to internal connections to be started. This behavior is based on the following lines:

    set filter in 6 permit 0/0 MYGATEWAYADDR/24
    set filter out 6 permit MYGATEWAYADDR/24 0/0

If I have these two lines set, it doesn't matter if I have any of the other lines in the tutorial, it allows all packets through. If I comment those two lines out, no new external connections can be established.

Any help is appreciated, and I can make my full set filter lines available if it's necessary.

Steve

--
-----------------------------------------------------------
Steven Jorgensen      steve@khoral.com   steve@spukhaus.com
------------------------------+----------------------------
Khoral Research Inc.          | PHONE: (505) 837-6500
6200 Uptown Blvd, Suite 200   | FAX:   (505) 881-3842
Albuquerque, NM  87110        | URL:   http://www.khoral.com/
-----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
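
The behaviour reported above, modelled as an added example that is not part of the original message or of ppp itself. It assumes a filter set is checked in rule-number order, the first matching rule decides, and a packet matching no rule is dropped; the addresses, the two service rules and the sample packets are constructed, with 192.0.2.0/24 standing in for MYGATEWAYADDR/24.

```python
# Added model of first-match filter evaluation; rule sets and packets are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

NET = "192.0.2.0/24"   # placeholder standing in for MYGATEWAYADDR/24
ANY = "0.0.0.0/0"      # written 0/0 in the filter lines

@dataclass
class Rule:
    num: int
    action: str                      # "permit" or "deny"
    src: str
    dst: str
    proto: Optional[str] = None      # None: the rule names no protocol
    dst_port: Optional[int] = None   # None: the rule names no port
    estab: bool = False              # match only packets of an existing TCP connection

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int
    estab: bool = False              # True for packets of an already open connection

def matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return pkt.estab or not rule.estab

def decide(rules, pkt):
    """Lowest-numbered matching rule wins; no match means the packet is dropped."""
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.action, rule.num
    return "deny", None

SERVICE_RULES = [Rule(0, "permit", ANY, NET, "tcp", 25),           # constructed: inbound SMTP
                 Rule(1, "permit", ANY, NET, "tcp", estab=True)]   # constructed: replies only
WITH_RULE_6 = SERVICE_RULES + [Rule(6, "permit", ANY, NET)]        # the "set filter in 6" line
PROBE = Packet("198.51.100.7", "192.0.2.10", "tcp", 139)           # new connection, samba port
SMTP = Packet("198.51.100.7", "192.0.2.10", "tcp", 25)             # new connection, SMTP
```

With rule 6 present, `decide(WITH_RULE_6, PROBE)` returns a permit from rule 6 because that rule names no protocol or port; with only the service rules, the same probe falls through to the default drop while `SMTP` is still permitted by rule 0.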