Quoting "Ryan A. Krenzischek" <[EMAIL PROTECTED]>:

> I think you are missing the "-" character:
>
> #!/sbin/ipf -Fa -f -
>
> and
>
> #!/sbin/ipnat -CF -f -
>
> Ryan
thanks for your input! unfortunately, this was tried as well and didn't seem to work ... what follows are rules set up specifically for testing this scenario (they are obviously not production rules so don't bother laughing too hard):

tdns1# cat /etc/ipnat.rules
#!/sbin/ipnat -CF -f -
rdr xl0 0.0.0.0/0 port 12345 -> 127.0.0.1 port 22
tdns1# /etc/ipnat.rules
ipnat: illegal option --
Usage: /sbin/ipnat [-CFhlnrRsv] [-f filename]
tdns1# vi /etc/ipnat.rules
tdns1# head -n1 /etc/ipnat.rules
#!/sbin/ipnat -CF -f
tdns1# /etc/ipnat.rules
ipnat: illegal option --
Usage: /sbin/ipnat [-CFhlnrRsv] [-f filename]

tdns1# cat /etc/ipf.rules
#!/sbin/ipf -Fa -f -
pass in log quick proto tcp from any to 127.0.0.0/8 port = 22 flags S keep state
pass in quick on lo0 all
pass out quick on lo0 all
block in log all
block out all
pass in log quick proto udp from any to 0.0.0.0/0 port=53 keep state
pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags
tdns1# ipf -Fa -f /etc/ipf.rules
tdns1# ipfstat -i
pass in log quick proto tcp from any to 127.0.0.0/8 port = ssh flags S/FSRPAU keep state
pass in quick on lo0 all
block in log all
pass in log quick proto udp from any to any port = domain keep state
pass in log quick proto udp from any to any port = xns-ch keep state
tdns1# /etc/ipf.rules
tdns1# ipfstat -i
empty list for ipfilter(in)
tdns1# vi /etc/ipf.rules
tdns1# head -n1 /etc/ipf.rules
#!/sbin/ipf -Fa -f
tdns1# /etc/ipf.rules
tdns1# ipfstat -i
empty list for ipfilter(in)

--
Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
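A diagnostic worth running before blaming ipf or ipnat, added here as an example and not part of the thread: what a "#!" line hands to its interpreter is decided by the kernel, not by the tool. Linux joins everything after the interpreter path into a single argument (so the interpreter sees "-CF -f -" as one token, which getopt rejects), while other kernels split it into separate words. The script below builds a throwaway "interpreter" named printargs (a name chosen for this example) that echoes each argument it received, points a rule file with the thread's ipnat shebang layout at it, and runs it; the rule text is copied from the thread but never reaches ipnat.

```shell
#!/bin/sh
# Added diagnostic, not part of the thread: show what a "#!" line actually
# hands to its interpreter. Linux joins everything after the interpreter
# path into ONE argument ("-CF -f -"); some other kernels split it into
# words. Whether ipnat/ipf receive "-CF", "-f", "-" or one odd token is
# what decides whether their option parser accepts the line. The fake
# interpreter "printargs" (hypothetical name) prints each argument it got
# on its own line as "[arg]".

shebang_args() {
    # $1: text to put after the interpreter path on the #! line.
    # Prints one "[arg]" line per argument the interpreter received;
    # the last line is always the path of the script itself.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/shebang.XXXXXX") || return 1
    printf '#!/bin/sh\nfor a in "$@"; do printf "[%%s]\\n" "$a"; done\n' \
        > "$dir/printargs"
    chmod 755 "$dir/printargs"
    # The "rule file": same layout as /etc/ipnat.rules in the thread,
    # but its interpreter is printargs rather than /sbin/ipnat.
    printf '#!%s %s\nrdr xl0 0.0.0.0/0 port 12345 -> 127.0.0.1 port 22\n' \
        "$dir/printargs" "$1" > "$dir/rules"
    chmod 755 "$dir/rules"
    "$dir/rules"
    rc=$?
    rm -rf "$dir"
    return $rc
}

shebang_option_count() {
    # Number of arguments the interpreter saw before the script path.
    # 3 means the kernel split "-CF -f -" into words; 1 means it joined them.
    n=$(shebang_args "$1" | wc -l)
    echo $((n - 1))
}

# Stand-alone run: show both the raw argument list and the count.
shebang_args "-CF -f -"
shebang_option_count "-CF -f -"
```

If the count is 1, the "-f -" idiom cannot work from a shebang line on that kernel no matter how the options are written, and the rules are better loaded from rc scripts with a plain "ipf -Fa -f /etc/ipf.rules" / "ipnat -CF -f /etc/ipnat.rules", which is also what the working manual run in the thread does. If the count is 3, the options do arrive separately and the problem lies elsewhere (for instance stray bytes such as a carriage return at the end of the first line, which getopt would report as an unprintable "illegal option").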
