Subject: Re: ipf rules
To: Erik Huizing <email@example.com>
From: David Maxwell <firstname.lastname@example.org>
Date: 12/13/2000 17:36:51
On Wed, Dec 13, 2000 at 05:07:11PM -0500, David Maxwell wrote:
> On Wed, Dec 13, 2000 at 01:34:20PM -0700, Erik Huizing wrote:
> > Right now, my ipf rules are
> > block in quick from 172.16.0.0/12 to any
> > block in quick from 10.0.0.0/8 to any
> Since you are Natting, you don't _really_ use those rules right now.
> Not that it's bad to explicitly deny things, but with NAT, you're
> only going to pass in packets that match outgoing connections.
Sorry - I didn't think this through in your setup - normally on
a setup with two ethernets, you would also have rules to block
'normally routable' traffic, destined for your internal networks.
If your cableco/ISP could _force_ 192.168.x.x destined packets at
your 'firewall', it would route them with your current rules. Since
there's no way to add the rule you really need, you need another
ethernet card, as I said before.
David Maxwell, email@example.comfirstname.lastname@example.org -->
If you don't spend energy getting what you want,
You'll have to spend it dealing with what you get.