DragonFly users List (threaded) for 2005-02
Re: natd and open firewall problem
Matthew Dillon wrote:
I agree... the pass-all should use a fixed, high numbered rule, like
65000. The rule should be added near the beginning of the script,
like it was before, just as a safety precaution in case the script dies
somewhere. I think those are the only real problems. I'm not rabid
about placement, let's just get it fixed and committed :-)
Tested, but not submitted, the following in /etc/rc.firewall:
- Changed the pass-all rule number from 1 to 65000
- Commented out previous rule under 'deny_rest', leaving just the label
(for now), as this is handled by implicit rule 65535.
Whether 65535 defaults to deny-all or to pass-all is historically set
elsewhere, no entry needed in /etc/rc.firewall.
Result matches FreeBSD 4.X ruleset exactly.
- if that is what the community wishes.