From: Ken (krice research.suspicious.org)
Date: Thu Feb 01 2001 - 14:31:34 CST

Rules lower in the list take precedence over rules higher in the
list... so the 'block in on dc0 any to any' at the bottom of the list
overrides the 'pass in quick on dc0 from any to any port = 20' at the top of
the list. man ipf(8) and see /usr/share/ipf/example.* for more information.
-Ken

---
"Lie, Damned Lies, And Micro$oft Press Releases" - Tilda, From TechTV

On Thu, 1 Feb 2001, Alex Le Fevre wrote:

> I've got a 2.8 box set up at home providing NAT for a
> few Windows users. My ruleset is as follows:
>
> pass out quick on lo0
> pass in quick on lo0
> pass in quick on dc0 from any to any port = 20
> pass in quick on dc0 from any to any port = 21
> pass in quick on dc0 from any to any port = 22
> pass in quick on dc0 from any to any port = 25
> pass in quick on dc0 from any to any port = 43
> pass in quick on dc0 from any to any port = 53
> pass in quick on dc0 from any to any port = 80
> pass in quick on dc0 from any to any port = 110
> pass in quick on dc0 from any to any port = 443
> pass in quick on dc0 from any to any port = 10000
> pass in on dc0 from any to any
> pass out quick on dc0 from any to any
>
> The problem is, when I attempted to change the
> second-to-last line to "block in quick on dc0 from any
> to any", thus essentially denying anything not on the
> above listed ports, nothing gets in at all. I'm
> particularly confused by this, since it's almost
> exactly like the example on the FAQ.
>
> Can anyone tell me what I'm doing wrong?
>
> Thanks,
> Alex Le Fevre
>
> __________________________________________________
> Get personalized email addresses from Yahoo! Mail - only $35
> a year! http://personal.mail.yahoo.com/
>
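
Added example, not part of the original thread: a small Python model of the matching order documented in ipf(5), where the last matching rule decides a packet's fate unless a matching rule carries `quick`, which ends evaluation at once. It is run over the ruleset from the question with both versions of the second-to-last line; the `ruleset` and `evaluate` helpers, the sample ports and the default-pass policy are assumptions, and protocol, addresses, NAT and state are not modelled.

```python
import re

PORTS = (20, 21, 22, 25, 43, 53, 80, 110, 443, 10000)

def ruleset(second_to_last):
    """Rebuild the ruleset from the question with a chosen second-to-last line."""
    lines = ["pass out quick on lo0", "pass in quick on lo0"]
    lines += [f"pass in quick on dc0 from any to any port = {p}" for p in PORTS]
    lines += [second_to_last, "pass out quick on dc0 from any to any"]
    return lines

ORIGINAL = ruleset("pass in on dc0 from any to any")
MODIFIED = ruleset("block in quick on dc0 from any to any")

# Only the rule shapes that appear in the question are parsed.
RULE_RE = re.compile(
    r"(pass|block) (in|out)( quick)? on (\S+)"
    r"(?: from any to any(?: port = (\d+))?)?$")

def evaluate(lines, direction, ifc, dst_port, default="pass"):
    """Return (verdict, deciding rule text) for one packet.

    Assumption: the default policy is pass when no rule matches.
    """
    verdict, decided = default, None
    for line in lines:
        action, rdir, quick, rifc, port = RULE_RE.match(line).groups()
        if (rdir, rifc) != (direction, ifc):
            continue
        if port is not None and int(port) != dst_port:
            continue
        verdict, decided = action, line  # a later match replaces an earlier one
        if quick:                        # a quick match stops the walk here
            break
    return verdict, decided

if __name__ == "__main__":
    # Constructed sample packets: destination ports arriving on dc0.
    for name, rules in (("original", ORIGINAL), ("modified", MODIFIED)):
        for port in (80, 34567):
            print(name, port, evaluate(rules, "in", "dc0", port))
```

In this model the modified ruleset passes inbound packets on dc0 only when their destination port is on the list; a packet addressed to any other port stops at the `block in quick` line.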