[JunkMail] IPF & DHCP request
Mark Woodson
mwoodson at sricrm.com
Sun Aug 17 15:29:48 PDT 2003
At 09:29 PM 8/17/2003 +0100, geek wrote:
>Hey guys, can u please post (who have) rules with DHCP involved?! because,
>i'm in trouble, my firewall doesn't work because my ipf.rules doesn't
>work and i don't know why!!
>
>When i put in rules "pass in/out all" i have access to the internet,
>otherwise, with my rules i don't, and i have changed them so many times, and
>they didn't work anyway, if anyone can help me:
>
>block in log all
>block out log all
This should be at the end. It's organizationally easiest if you break it
up by interface. I think it is overly restrictive, additionally.
>pass in quick on lo0 all
>pass out quick on lo0 all
>
>pass in quick on ep0 all
>pass out quick on ep0 all
>
>
>#Allow internal traffic to outside world
>pass out quick on ep1 proto tcp all keep state
>pass out quick on ep1 proto udp all keep stateuic
>pass out quick on ep1 proto icmp all keep state
>
>
>#Allow traffic from outside
>#DNS
>pass in quick on ep1 proto udp from any to any port = 53 keep state
This really isn't necessary. You've allowed responses to queries by the
pass out on the interface above.
>#DHC# [dhclient]
>pass in quick on ep1 proto udp from any to any port = 68 keep state keep
>fragsP
keep frags is really unnecessary.
I'd recommend the howto at this address.
http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html
-Mark
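
The poster's ruleset rearranged along the lines suggested in the reply, as an added example that is not part of the original thread. It assumes ep0 is the internal interface and ep1 the external, dhclient-configured one; the source-port match on the DHCP rule is an extra tightening not mentioned in the thread.

```conf
# ipf.rules sketch (added example, not from the original messages).
# Assumption: ep0 = internal LAN, ep1 = external interface running dhclient.
# Every pass rule uses "quick", so the first matching rule decides and the
# block rules at the end only see packets nothing above accepted.

# --- lo0: loopback ---
pass in  quick on lo0 all
pass out quick on lo0 all

# --- ep0: internal network ---
pass in  quick on ep0 all
pass out quick on ep0 all

# --- ep1: outside world ---
# Outbound traffic creates state; replies (including DNS answers to our
# own queries) come back through that state, so no inbound port 53 rule.
pass out quick on ep1 proto tcp  all keep state
pass out quick on ep1 proto udp  all keep state
pass out quick on ep1 proto icmp all keep state

# DHCP replies to dhclient. They can arrive before the interface has an
# address (broadcast or the offered address), so they may not match the
# state created by the outbound request and need their own rule.
# "keep frags" is dropped, as the reply suggests.
# Assumption: matching the server source port 67 as well as client port 68.
pass in quick on ep1 proto udp from any port = 67 to any port = 68 keep state

# --- default: log and drop whatever is left ---
block in  log all
block out log all
```

After loading the rules, `ipfstat -hio` shows per-rule hit counts, which makes it easy to see whether the DHCP rule or the final block rules are catching the traffic.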