Subject: Re: how to interpret the examples in /usr/share/examples/ipf
To: Chan Yiu Wah <c5666305@hkstar.com>
From: David Maxwell <david@fundy.ca>
List: current-users
Date: 12/12/1999 12:22:56
On Sun, Dec 12, 1999 at 11:01:31PM +0800, Chan Yiu Wah wrote:
> Hello,
> 
> I am going to config the ipf filter for my i386 system.  However, I am not
> familiar with it.  There are examples in /usr/share/examples/ipf and I
> am not sure I understand them all.  Can anyone show me the direction to
> read it (e.g. a document about the meaning of each token in the examples)?
> Please help.  Thanks.

man ipf.conf - that will give you a very complete explanation of the ipf
syntax. It's a bit overwhelming when you first look at it.

The important bits:

set 'ipfilter=YES' in /etc/rc.conf to make sure ipf is enabled for next
time you boot. Run 'ipf -E' to enable it now without rebooting.

From example.1:

#
# block all incoming TCP packets on le0 from host 10.1.1.1 to any destination.
#
block in on le0 proto tcp from 10.1.1.1/32 to any
 |    |  |  |   |     |   |    |        |  |  |
 |    |  |  |   |     |   |    |        |  |  dest address of packet with
 |    |  |  |   |     |   |    |        |  |  optional netmask. or 'any'.
 |    |  |  |   |     |   |    |        |  \--keyword preceding dest to
 |    |  |  |   |     |   |    |        |     match.
 |    |  |  |   |     |   |    |        \-netmask for matching src addr.
 |    |  |  |   |     |   |    \-src network/addr to match.
 |    |  |  |   |     |   \-keyword preceding src to match.
 |    |  |  |   |     \-protocol
 |    |  |  |   \-keyword preceding protocol
 |    |  |  \-interface
 |    |  \-keyword preceding interface
 |    \-in or out. filter packet before receipt, or transmission?
 \-Action to take. Block or Pass

The last rule that matches applies, unless you specify 'quick'.

Read the manpage and the examples together. It should be clear then.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville
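A toy evaluator of the "last matching rule wins, unless you specify quick" ordering described in the reply above, added here as an example; it is not code from the original post or from IPFilter itself. It parses only the small subset of ipf.conf syntax that example.1 uses (action, in/out, quick, on IFACE, proto PROTO, from/to with an optional netmask or 'any', and 'port = N' on the destination), and the ruleset, the 10.1.1.x addresses and the sample packet are constructed for the demonstration; the post's own 10.1.1.1 block rule is embedded as rule 1 so its interaction with a later, broader pass rule can be seen.

```python
"""Toy model of ipf rule ordering: the LAST matching rule decides, unless a
matching rule carries 'quick', which ends evaluation at once.

Added example, not code from the original post or from IPFilter.  It handles
only a small subset of ipf.conf syntax (action, in/out, quick, on IFACE,
proto PROTO, from/to with optional netmask or 'any', 'port = N' on the
destination) and ignores everything else ipf can do (state, flags, logging).
"""
import ipaddress


def parse_addr(tok):
    """'any' matches everything; otherwise a host or CIDR network."""
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line):
    toks = line.split()
    rule = {"action": toks[0], "dir": toks[1], "quick": False, "iface": None,
            "proto": None, "src": None, "dst": None, "dport": None}
    i = 2
    while i < len(toks):
        t = toks[i]
        if t == "quick":
            rule["quick"] = True
            i += 1
        elif t == "all":                 # 'all' is shorthand for from any to any
            i += 1
        elif t in ("on", "proto"):
            rule["iface" if t == "on" else "proto"] = toks[i + 1]
            i += 2
        elif t in ("from", "to"):
            rule["src" if t == "from" else "dst"] = parse_addr(toks[i + 1])
            i += 2
        elif t == "port":                # 'port = N' (only '=' is modelled here)
            rule["dport"] = int(toks[i + 2])
            i += 3
        else:
            raise ValueError(f"unsupported token {t!r} in rule: {line}")
    return rule


def load(text):
    """Parse ipf.conf-style text, skipping blank lines and '#' comments."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def matches(rule, pkt):
    if rule["dir"] != pkt["dir"]:
        return False
    if rule["iface"] and rule["iface"] != pkt["iface"]:
        return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["dst"] and ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate(rules, pkt):
    """Return (action, index of the deciding rule).  A packet that matches no
    rule is passed, which is ipf's compiled-in default."""
    verdict = ("pass", None)
    for n, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict = (rule["action"], n)   # later matches overwrite earlier ones
            if rule["quick"]:
                break                       # quick: stop at the first match
    return verdict


# Constructed ruleset in the style of example.1.  The block from the post is
# rule 1; rule 2 is a later, broader pass that overlaps it.
RULESET = """
block in on le0 all
block in on le0 proto tcp from 10.1.1.1/32 to any
pass in on le0 proto tcp from 10.1.1.0/24 to any port = 22
"""
# The same ruleset with 'quick' on the host block, so its position no longer matters.
RULESET_QUICK = RULESET.replace("block in on le0 proto", "block in quick on le0 proto")

# Constructed sample packet: ssh from the host the post wants blocked.
SSH_FROM_BAD_HOST = {"dir": "in", "iface": "le0", "proto": "tcp",
                     "src": "10.1.1.1", "dst": "10.1.1.254", "dport": 22}

if __name__ == "__main__":
    # Without quick the later /24 pass overrides the /32 block: 10.1.1.1 gets in.
    print(evaluate(load(RULESET), SSH_FROM_BAD_HOST))        # ('pass', 2)
    # With quick the block decides as soon as it matches.
    print(evaluate(load(RULESET_QUICK), SSH_FROM_BAD_HOST))  # ('block', 1)
```

On a real system the corresponding check is to flush and reload the file with `ipf -Fa -f /etc/ipf.conf` and list what the kernel actually holds with `ipfstat -io`; the toy above models only ordering, not state tracking, TCP flags or logging.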