On Sat, 31 May 1997 22:41:20 +1000 
 matthew green <mrg@eterna.com.au> wrote:

 > does this mean the default has changed from pass to block?

I'm not Darren :-), but it certainly looks that way:

fil.c:int       fr_pass = (IPF_DEFAULT_PASS|FR_NOMATCH);
ip_fil.h:#ifndef        IPF_DEFAULT_PASS
ip_fil.h:#define        IPF_DEFAULT_PASS        0

I also really do not like the way IPF_DEFAULT_PASS is used.  It requires
the user lookup a magick flag in a header file... The construct
in fil.c really should look like:

#ifdef IPF_DEFAULT_PASS
int	fr_pass = FR_PASS|FR_NOMATCH;
#else
#ifdef IPF_DEFAULT_BLOCK
int	fr_pass = FR_BLOCK|FR_NOMATCH;
#else
int	fr_pass = FR_NOMATCH;	/* no match -> block */
#endif
#endif

...or something like that...

I personally don't like that the default was changed to "block", since
it makes it a pain for folks using only ipnat.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939