DragonFly BSD
DragonFly users List (threaded) for 2005-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: natd and open firewall problem


From: Bill Hacker <wbh@xxxxxxxxxxxxx>
Date: Sun, 27 Feb 2005 17:08:58 +0800

Matthew Dillon wrote:

I agree... the pass-all should use a fixed, high numbered rule, like
65000. The rule should be added near the beginning of the script,
like it was before, just as a safety precaution in case the script dies
somewhere. I think those are the only real problems. I'm not rabid about placement, lets just get it fixed and committed :-)


-Matt

Tested, but not submitted, the following in /etc/rc.firewall:


- Changed the pass-all rule number from 1 to 65000

- Commented-out previous rule under 'deny_rest', leaving just the label (for now), as this is handled by implicit rule 65535.

Whether 65535 defaults to deny-all or to pass-all is historically set elsewhere, no entry needed in /etc/rc.firewall.
man ipfw.


Result matches FreeBSD 4.X ruleset exactly.

- if that is what the community wishes.

Bill





[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]