Thank you, Bob and Bruno. Will try all this stuff this weekend, report (hope a 'did it' one) by Sunday. :-)
Many thanks to both, and wait with your fingers crossed :-)

bob bobing wrote:

> That is really odd, your ipf.rules file doesn't match
> your ipfstat -i -h. I don't see any 192.168.1.89 in
> your file, and yet it's in your ipfstat table. :/
>
> Well at any rate, your ipf.rules file is a mess. I
> would try to rewrite them, Bruno Fernandes has some
> great examples (seems to have left out ftp proxy :) ).
> It's very important that your filter rules are easy to
> understand, so that you don't make a mistake and allow
> something you didn't want to allow.
> One more thing, ipf takes the LAST hit (unless quick
> statement is used) so you could say.
>
> #Generic block everything.
> block in from any to any
> block out from any to any
> block in proto $proto from any to any FLAGS $badpackets
> #allow this stuff.
> pass out from $inside to $outside keep state
> pass out from $inside to $dmz keep state
> etc
> etc
>
> so if a packet comes in that doesn't match a pass rule
> it should get blocked (block was the only match)
>
> also check this out.
> http://www.obfuscation.org/ipf/
> Also look for proxy ftp on this page.
> (it's part of ipnat)
> ipfstat -i -h can be very helpful also.
> and watch ipmon when using log statement, it will tell
> you the pass/block rule number (again very helpful).
>
> --- irado furioso com tudo <[EMAIL PROTECTED]> wrote:
>
>> bob bobing wrote:
>>
>>> please paste the output of ipfstat -i -h, ipnat -l and
>>> the contents of your ipfrules file, and ipnatrules
>>> file.
>>>
>>> Just an FYI, ipnat happens before ipf, so your rules
>>> need to be written post nat.

--
regards,
irado furioso com tudo.
Linux User (SuSE) 179.402

Faith moves mountains. But tractors are more efficient and demand less effort from 'faith', that strange department.
After all, whether you believe or not, the tractor sends the mountain away. As for faith.. where is the map with the before and after??

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
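
The last-match behaviour bob describes in the quoted reply, as an added example that is not part of the original thread and is not IPFilter code: a small Python model of how a verdict is picked when the last matching rule wins and `quick` stops the search. The rule sets, the addresses and the `default` parameter are constructed for illustration; only the direction, `quick`, `from` and `to` parts of the syntax are modelled.

```python
import ipaddress

def parse_rule(line):
    """Parse a small subset of ipf syntax: action in|out [quick] ... from SRC to DST."""
    tok = line.split()
    rule = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok, "text": line}
    for key in ("from", "to"):
        val = tok[tok.index(key) + 1]
        rule[key] = ipaddress.ip_network("0.0.0.0/0" if val == "any" else val)
    return rule

def evaluate(rules_text, direction, src, dst, default="pass"):
    """Last matching rule wins; a matching 'quick' rule ends the search.
    'default' (verdict when nothing matches) is a parameter of this model.
    'keep state' is accepted by the parser but not modelled."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = (default, None)
    for line in rules_text.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        rule = parse_rule(line)
        if rule["dir"] == direction and src in rule["from"] and dst in rule["to"]:
            verdict = (rule["action"], rule["text"])
            if rule["quick"]:
                break
    return verdict

# Constructed rule sets (addresses are sample values, not from the thread).
DEFAULT_DENY = """
# generic block first, specific pass rules after it
block in from any to any
block out from any to any
pass out from 192.168.1.0/24 to any keep state
"""
SHADOWED = """
block in from any to 192.168.1.10/32
pass in from any to any          # later match overrides the block above
"""
WITH_QUICK = SHADOWED.replace("block in from", "block in quick from")

if __name__ == "__main__":
    probe = ("in", "203.0.113.5", "192.168.1.10")
    for name, rules in (("SHADOWED", SHADOWED), ("WITH_QUICK", WITH_QUICK)):
        print(name, evaluate(rules, *probe))
```

Running it shows the same inbound packet passing under `SHADOWED` and being blocked under `WITH_QUICK`, which is the kind of ordering mistake that reading `ipfstat -i -h` hit counts helps to catch.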
