Subject: Re: ipf questions
To: None <netbsd-users@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: netbsd-users
Date: 03/05/2000 12:25:08
In article <200003042231.PAA29712@toad.rmkhome.com>,
	Rick Kelly <rmk@toad.rmkhome.com> writes:
> That is, I would like to use ipfilter on single interface systems to block
> out packets from that particular system. Is this possible, ...

Yes, no problem.

> ... or does ipfilter only work for dual interface firewall/router systems?

A dual interfaces setup is only required for IP NAT.

> Also, it looks like ipfilter doesn't actually pick up the rules file at
> boot up, but rather turns on ipfilter while also flushing the rules out
> of the kernel.

There are no rules in the kernel at boot time. The "ipf -Fa" in "netstart"
ensures that you get the expected behavior after switching from multi to
single user mode and back.

If your security requirements are high you can set the default behaviour of
IPF to block with the kernel option "IPFILTER_DEFAULT_BLOCK". In that
case no IPv4 traffic will be possible until "ipf" has been called.

	Kind regards

-- 
Matthias Scheler                            http://www.sighardstrasse.de/~tron/
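Added example (not part of the original post or of the IPFilter distribution): a default-deny ruleset for the single-interface host Rick asks about, plus the kernel option the reply names. The interface name "le0" and the choice of SSH (port 22) as the only inbound service are assumptions made for illustration; the kernel option and the "ipf -Fa" in "netstart" are from the message above.

```conf
# /etc/ipf.conf -- constructed example for a single-interface host.
# IPFilter uses "last matching rule wins" unless a rule says "quick",
# so the block rules at the top are the default and later pass rules
# override them for the traffic we want to allow.

# Default: drop and log everything, in and out, on every interface.
block in log all
block out log all

# Never filter the loopback interface.
pass in quick on lo0 all
pass out quick on lo0 all

# Outbound traffic from this host is allowed; "keep state" lets the
# replies back in without any inbound pass rule for them.
pass out quick on le0 proto tcp from any to any keep state
pass out quick on le0 proto udp from any to any keep state
pass out quick on le0 proto icmp from any to any keep state

# The only unsolicited inbound service: SSH (port 22 is an assumption).
# "flags S" matches only the initial SYN; state then carries the session.
pass in quick on le0 proto tcp from any to any port = 22 flags S keep state
```

With this file, "ipf -Fa" (as run from "netstart") leaves the kernel with no rules, i.e. everything passes, until "ipf -f /etc/ipf.conf" loads the set; that is the window the reply describes. To close it, add the option from the message to the kernel configuration and rebuild the kernel:

```conf
# Kernel configuration fragment (assumed to be appended to the machine's
# own config file): with this option IPv4 traffic is blocked until the
# first "ipf" call installs a ruleset.
options IPFILTER_DEFAULT_BLOCK
```

The "block ... log all" lines are what makes a single-interface host useful for detection as well as blocking: every dropped packet shows up via ipmon, so probes against closed ports are visible without any second interface.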