
Re: IPF Prob



Hi Ken,

Ken wrote:

> Rules lower in the list take precedence over rules higher in the
> list... so the 'block in on dc0 any to any' at the bottom of the list
> overrides the 'pass in quick on dc0 from any to any port = 20' at the top of
> the list. man ipf(8) and see /usr/share/ipf/example.* for more information 
Are you sure about that? I thought that the 'quick' keyword bypasses this 
sort of behavior, and when a rule matches with 'quick', ipf stops 
processing the remaining rules ...

Saad.

> 
> -Ken
> 
> ---
> "Lie, Damned Lies, And Micro$oft Press Releases" - Tilda, From TechTV
> 
> On Thu, 1 Feb 2001, Alex Le Fevre wrote:
> 
> 
>> I've got a 2.8 box set up at home providing NAT for a
>> few Windows users. My ruleset is as follows:
>> 
>> pass out quick on lo0
>> pass in quick on lo0
>> pass in quick on dc0 from any to any port = 20
>> pass in quick on dc0 from any to any port = 21
>> pass in quick on dc0 from any to any port = 22
>> pass in quick on dc0 from any to any port = 25
>> pass in quick on dc0 from any to any port = 43
>> pass in quick on dc0 from any to any port = 53
>> pass in quick on dc0 from any to any port = 80
>> pass in quick on dc0 from any to any port = 110
>> pass in quick on dc0 from any to any port = 443
>> pass in quick on dc0 from any to any port = 10000
>> pass in on dc0 from any to any
>> pass out quick on dc0 from any to any
>> 
>> The problem is, when I attempted to change the
>> second-to-last line to "block in quick on dc0 from any
>> to any", thus essentially denying anything not on the
>> above listed ports, nothing gets in at all. I'm
>> particularly confused by this, since it's almost
>> exactly like the example on the FAQ.
>> 
>> Can anyone tell me what I'm doing wrong?
>> 
>> Thanks,
>> Alex Le Fevre
>> 
>> 


-- 
### Saad Kadhi -- Network & Security Engineer ###
\|/ ____ \|/
~@-/ oO \-@~
/_( \__/ )_\
    \__U_/
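As an added illustration (not part of the thread, not ipf code): a small model of IPF's evaluation order, where the last matching rule decides unless a matching rule carries `quick`, which ends evaluation immediately, run over a cut-down version of Alex's ruleset with the second-to-last line changed to `block in quick`. Interface names, ports and the default-pass verdict are assumptions; the model is stateless and ignores NAT and `keep state`.

```python
# Constructed model of ipf rule evaluation for the thread's ruleset syntax.
# Rules are checked top to bottom; the LAST matching rule sets the verdict,
# except that a matching 'quick' rule stops evaluation on the spot.
import re

RULE_RE = re.compile(
    r"^(pass|block) (in|out)( quick)? on (\w+)"
    r"(?: from any to any(?: port = (\d+))?)?$")

def parse_rule(line):
    """Parse one rule of the limited form used in the thread."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    action, direction, quick, iface, port = m.groups()
    return {"action": action, "dir": direction, "quick": bool(quick),
            "iface": iface, "port": int(port) if port else None}

def evaluate(rules, direction, iface, dport):
    """Verdict for one packet; assumes ipf's default of pass when nothing matches."""
    verdict = "pass"
    for r in rules:
        if r["dir"] != direction or r["iface"] != iface:
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        verdict = r["action"]
        if r["quick"]:        # 'quick': stop here, later rules never run
            break
    return verdict

# Cut-down version of Alex's ruleset, second-to-last line now 'block in quick'.
RULESET = [parse_rule(l) for l in """
pass out quick on lo0
pass in quick on lo0
pass in quick on dc0 from any to any port = 22
pass in quick on dc0 from any to any port = 80
block in quick on dc0 from any to any
pass out quick on dc0 from any to any
""".strip().splitlines()]

if __name__ == "__main__":
    for port in (22, 80, 8080):
        print(f"in dc0 port {port}: {evaluate(RULESET, 'in', 'dc0', port)}")
```

In this model, inbound traffic to 22 and 80 is passed by the earlier `quick` rules and never reaches the block, while any other inbound port on dc0 is blocked.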