On Mon, May 04, 2009 at 03:49:58PM -0300, Ricardo Augusto de Souza wrote:
> $FW -I INPUT -i $INT_INTRANET -p all -j ACCEPT
> $FW -I OUTPUT -o $INT_INTRANET -p all -j ACCEPT
> $FW -I FORWARD -o $INT_INTRANET -i $INT_INTRANET -p all -j ACCEPT
> $FW -t nat -I PREROUTING -i $INT_INTRANET -p all -j ACCEPT
> $FW -t nat -I POSTROUTING -o $INT_INTRANET -p all -j ACCEPT
> $FW -t nat -I OUTPUT -o $INT_INTRANET -p all -j ACCEPT

Ah, good...  that's what I was hoping to see :)

> -----Original message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of Mark
> Shroyer
> Sent: Monday, May 4, 2009 15:34
> To: misc@openBSD.org
> Subject: Re: Migration from IPTABLES to PF
> 
> [...]
>
> Is that actually all there is to the firewall setup?
> 
> This script creates a bunch of chains for performing various actions on
> packets, but it doesn't actually add any rules to the filter table's
> special INPUT, OUTPUT, or FORWARD chains that would jump processing
> logic through these auxiliary chains.  So unless there are some other
> iptables commands hidden somewhere else, the logic defined in this
> script will never be applied and your "firewall" will simply let
> everything through.
> 
> What is the output of `iptables -L -n` on this machine?

-- 
Mark Shroyer
http://markshroyer.com/contact/
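
The check described in the quoted message, as an added example that is not part of the original thread: it reads filter-table rules in `iptables -S` format and reports user-defined chains that no rule in INPUT, OUTPUT or FORWARD ever reaches, directly or through another chain. The sample ruleset, its chain names and the function name are constructed for illustration.

```python
import shlex
from collections import defaultdict

BUILTIN = {"INPUT", "OUTPUT", "FORWARD"}  # built-in chains of the filter table

# Constructed sample in `iptables -S` format (not taken from the thread).
SAMPLE = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOG_DROP
-N WEB_IN
-N SSH_IN
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j WEB_IN
-A WEB_IN -m state --state NEW -j ACCEPT
-A WEB_IN -j LOG_DROP
-A LOG_DROP -j LOG --log-prefix "drop: "
-A LOG_DROP -j DROP
-A SSH_IN -p tcp -m tcp --dport 22 -j ACCEPT
"""

def unreachable_chains(rules_text):
    """Return user-defined chains that packets can never traverse."""
    declared = set()
    edges = defaultdict(set)  # chain -> targets of its -j / -g rules
    for line in rules_text.splitlines():
        tok = shlex.split(line)  # handles quoted values such as log prefixes
        if len(tok) >= 2 and tok[0] == "-N":
            declared.add(tok[1])
        elif len(tok) >= 2 and tok[0] == "-A":
            src = tok[1]
            for flag, target in zip(tok[2:], tok[3:]):
                if flag in ("-j", "--jump", "-g", "--goto"):
                    edges[src].add(target)
    # Walk the jump graph starting from the built-in chains only.
    seen, stack = set(), list(BUILTIN)
    while stack:
        chain = stack.pop()
        if chain in seen:
            continue
        seen.add(chain)
        stack.extend(edges[chain] & declared)
    return sorted(declared - seen)

if __name__ == "__main__":
    for name in unreachable_chains(SAMPLE):
        print("chain %s is defined but never reached" % name)
```
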
