IPF problems

JJB Barbish3 at adelphia.net
Mon Jul 5 07:57:23 PDT 2004


You seem to be confused between ipfw and ipf. These are two
different firewall software applications which are built into the
FreeBSD operating system.

You may want to read the new rewrite of the FreeBSD handbook's
firewall section which is currently available at
www.a1poweruser.com/FBSD_firewall/ which does a far better job of
describing how to configure and use the 2 different firewall
software applications.

The FreeBSD doc group has downloaded this manuscript and is working on
it to replace what is currently in the handbook.

The IPFILTER section has been made into a separate manuscript for
release to the open source community where ipfilter is very popular.
It's temporarily available from www.a1poweruser.com/FBSD_ipfilter/






-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Gene
Bomgardner
Sent: Monday, July 05, 2004 9:12 AM
To: Freebsd-questions at freebsd.org
Subject: IPF problems

Hi

I've recompiled 5.2.1 kernel to include firewall options for natd.
I've discovered that once I did so, I can no longer communicate in or
out of the fbsd box.
The firewall defaults to accept_all (I checked this)

Then I found that if I disable ipf (i.e. 'ipf -D') I can now
communicate.
From /etc/rc.conf and /etc/defaults/rc.conf:

ipfilter_enable="NO"            # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags=""               # additional flags for ipfilter

From /etc/ipf.rules:

pass in all
pass out all

The questions are:

1) If ipfilter_enable is NO, why is it running at all? Is it needed
for nat?
2) Even if it is running, why does it not follow its rules and pass
all?

Any help appreciated. thanks

Gene
