OSEC

From: Saad Kadhi (Tech Accnt) (bsdguynoos.fr)
Date: Thu Feb 01 2001 - 14:35:36 CST

    Hi Ken,

    Ken wrote:

    > Rules lower in the list take precedence over rules higher in the
    > list... so the 'block in on dc0 any to any' at the bottom of the list
    > overrides the 'pass in quick on dc0 from any to any port = 20' at the top of
    > the list. man ipf(8) and see /usr/share/ipf/example.* for more information
    Are you sure about that? I thought that the 'quick' keyword bypasses this
    sort of behavior, and when a rule matches with 'quick', ipf stops
    processing the remaining rules...

    Saad.

    >
    > -Ken
    >
    > ---
    > "Lie, Damned Lies, And Micro$oft Press Releases" - Tilda, From TechTV
    >
    > On Thu, 1 Feb 2001, Alex Le Fevre wrote:
    >
    >
    >> I've got a 2.8 box set up at home providing NAT for a
    >> few Windows users. My ruleset is as follows:
    >>
    >> pass out quick on lo0
    >> pass in quick on lo0
    >> pass in quick on dc0 from any to any port = 20
    >> pass in quick on dc0 from any to any port = 21
    >> pass in quick on dc0 from any to any port = 22
    >> pass in quick on dc0 from any to any port = 25
    >> pass in quick on dc0 from any to any port = 43
    >> pass in quick on dc0 from any to any port = 53
    >> pass in quick on dc0 from any to any port = 80
    >> pass in quick on dc0 from any to any port = 110
    >> pass in quick on dc0 from any to any port = 443
    >> pass in quick on dc0 from any to any port = 10000
    >> pass in on dc0 from any to any
    >> pass out quick on dc0 from any to any
    >>
    >> The problem is, when I attempted to change the
    >> second-to-last line to "block in quick on dc0 from any
    >> to any", thus essentially denying anything not on the
    >> above listed ports, nothing gets in at all. I'm
    >> particularly confused by this, since it's almost
    >> exactly like the example on the FAQ.
    >>
    >> Can anyone tell me what I'm doing wrong?
    >>
    >> Thanks,
    >> Alex Le Fevre
    >>

    -- 
    ### Saad Kadhi -- Network & Security Engineer ###
    \|/ ____ \|/
    ~-/ oO \-~
    /_( \__/ )_\
        \__U_/
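The ordering question Ken and Saad disagree on can be checked against a small model of how ipf walks a ruleset. The following is an added example written for this archive page, not code from any of the posters and not ipf's own implementation: it models only direction, interface, destination port and the 'quick' keyword, using ipf's documented semantics (the last matching rule decides, unless a matching rule carries 'quick', which ends evaluation immediately; no match at all means pass). The three rulesets are constructed from Alex's post, varying only the second-to-last line.

```python
"""Toy model of IPFilter (ipf) rule evaluation, written for this thread.
It is NOT ipf's code: only direction, interface, destination port and the
'quick' keyword are modelled. In ipf the last matching rule decides,
unless a matching rule says 'quick', which stops evaluation at once."""
import re

RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?P<quick> quick)? on (?P<iface>\w+)"
    r"(?: from any to any(?: port = (?P<port>\d+))?)?$")

def parse_rules(text):
    """Parse the subset of ipf syntax used in the thread into dicts."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        g = m.groupdict()
        rules.append({"action": g["action"], "dir": g["dir"], "iface": g["iface"],
                      "quick": g["quick"] is not None,
                      "port": int(g["port"]) if g["port"] else None})
    return rules

def decide(ruleset, direction, iface, dport):
    """Return the action ipf would take for one packet. Default is pass."""
    action = "pass"
    for r in parse_rules(ruleset):
        if r["dir"] != direction or r["iface"] != iface:
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        action = r["action"]          # last match wins ...
        if r["quick"]:
            break                     # ... unless the match is 'quick'
    return action

# Constructed from the ruleset in the thread; only the second-to-last line varies.
PASS_RULES = "\n".join(["pass out quick on lo0", "pass in quick on lo0"] +
    ["pass in quick on dc0 from any to any port = %d" % p
     for p in (20, 21, 22, 25, 43, 53, 80, 110, 443, 10000)])
ORIGINAL = PASS_RULES + "\npass in on dc0 from any to any\npass out quick on dc0 from any to any"
BLOCK_QUICK = PASS_RULES + "\nblock in quick on dc0 from any to any\npass out quick on dc0 from any to any"
BLOCK_LAST = PASS_RULES + "\nblock in on dc0 from any to any\npass out quick on dc0 from any to any"

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("block quick", BLOCK_QUICK), ("block, no quick", BLOCK_LAST)):
        print(name, "| port 80 ->", decide(rs, "in", "dc0", 80),
              "| port 8080 ->", decide(rs, "in", "dc0", 8080))
```

In this model a trailing 'block in' rule, with or without 'quick', never reaches a packet already matched by an earlier 'pass in quick' rule, so port 80 passes under all three rulesets while port 8080 is blocked by the two block variants; the model covers only rule ordering and says nothing about why Alex's clients saw no traffic at all.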