Subject: Re: ipf rules
To: David Maxwell <>
From: Erik Huizing <>
List: current-users
Date: 12/13/2000 13:34:20
All the machines on my LAN have 192.168.1.x addresses; they all use as their router.
My firewall/server is with as an alias.
The NAT rules I've got are like this:
map ep0 ->

Right now, my ipf rules are

block in quick from to any
block in quick from to any

pass in proto tcp/udp all
pass out proto tcp/udp all

I'd like to block the 192 block if it's coming from the cable modem. I've
only got one NIC in my machine hence the alias. So is it possible for me
to block the 192.168 segment, or do I need another NIC?


The first rule of Fight Club is You Do Not Talk About Fight Club.

// Erik Huizing

On Wed, 13 Dec 2000, David Maxwell wrote:

> On Tue, Dec 12, 2000 at 05:08:26PM -0700, Erik Huizing wrote:
> > I've been reading through the ipf how-to, and can't seem to come up with a
> > rule that's applicable to my situation:
> > My bsd box has one NIC in it, and is performing NAT. I'm able to block the
> > and ranges, but when I add the rule to block
> > block in quick from to any
> > all the machines on my LAN don't work. 
> > So my question is, can I block that range, and still have my LAN
> > connected, or do I need two NICs?
> More information about your actual addresses is required for someone
> to be able to answer that.
> -- 
> David Maxwell
> (About an Amiga rendering landscapes) It's not thinking, it's being artistic!
> 					      - Jamie Woods