[ On Sat, June  8, 1996 at 16:38:33 (-0500), Dave Burgess wrote: ]
> Subject: IP  Firewalling and IP Filetering
>
> 3.  I tried to install ip_fil2.3.  It was a complete failure.  This
> package required about eight file updates, half of which were
> invalidated by the ipfirewall additions.  One was just wrong (it was
> looking for something in in_proto.c that I couldn't find.

You should probably try a newer verison of ip-filter.

I posted patches to the ipfilter list for ip_fil3.0.4 that make it work
in NetBSD-1.2-ALPHA (as of about May 20).  There was another set of
patches for 3.1.0alpha posted by Bernd Ernesti <bernd@arresum.inka.de>
just before I posted mine.  His seem to have a different approach than
mine to hooking into the kernel, but that may be due to changes in 3.1.0a.

I can bounce either/both of those patches to anyone who would like to
have a peek at them.

> 5.  IP_Fil2.3 doesn't work at all.  The system slowly grinds to a halt.
> Commenting the "options IPFILTER" allowed the generation of a working
> 1.2 Alpha kernel.  This is a bummer, since I think IP_Fil will give me
> the 'IP Proxy' or 'IP Masquerading' I am looking for.  If anyone has any
> insight into this stuff, drop me a line.

3.0.4 "works" fine for me, *but* I've yet to install a filter more
complex than "pass in all; pass out all".

-- 
							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>