Is this a hole in my firewall?
Jonathon McKitrick
jcm at FreeBSD-uk.eu.org
Mon Nov 29 06:45:02 PST 2004
On Mon, Nov 29, 2004 at 03:09:30PM +0100, Ruben de Groot wrote:
: On Mon, Nov 29, 2004 at 01:21:14PM +0000, Jonathon McKitrick typed:
: > On Mon, Nov 29, 2004 at 12:30:20PM +0100, Ruben de Groot wrote:
: > : He's using ppp-nat. So packets from his laptop will first hit rule #300 and
: > : only after that get "nat'ed". I believe this is normal behaviour.
: >
: > Ah, yes. I always forget about ppp-nat.
: >
: > So, then, is this the best way to allow my laptop packets out? Or does it
: > still leave the laptop exposed? I'd like to protect all the machines with
: > one firewall, while keeping it simple, if possible.
:
: Your laptop won't be "exposed" by this. You could however finetune your
: ruleset a little bit by modifying rule 300 to something like:
:
: allow ip from ${INTERNAL_NET} to any keep-state out xmit tun0
:
: where INTERNAL_NET would be e.g. 192.168.0.0/24
Should I also run a firewall on the laptop then, since all traffic to the
laptop is allowed to pass?
jm
--
More information about the freebsd-questions
mailing list