Subject: Re: ipfilter question
To: None <mipam@ibb.net>
From: Matthias Buelow <mkb@mukappabeta.de>
List: netbsd-help
Date: 03/11/2002 02:36:20
Mipam <mipam@ibb.net> writes:

>On Sat, Mar 09, 2002 at 01:34:51AM +0100, Matthias Buelow wrote:
>> Hi,
>> 
>> I have the following ipfilter rules on 1.5.3_ALPHA:
>> 
>> pass in all
>> pass out all
>> pass in quick from 127.0.0.1 to any
>> block in quick from any to any port = 515
>> block in quick from !xxx.xxx.xxx.0/255.255.255.0 to any port = 111
>> block in quick from !xxx.xxx.xxx.0/255.255.255.0 to any port = 2049
>> block in quick from !xxx.xxx.xxx.0/255.255.255.0 to any port = 6000
>> 
>> yet finger (port 79) is blocked from the "outside" (i.e., not matching
>> xxx.xxx.xxx.0/255.255.255.0).  I don't understand why, anybody more
>> knowledgable?  From my understanding of the manpage it should all
>> work well.  No blocking rule is there matching port 79.
>> ssh (port 22) can connect to the machine.
>
>Very weird rulebase you have here.
>It doesn't seem like you need a firewall at all, use a hosts.deny etc.
>Third rule .... from 127.0.0.1 blabla
>Replace it by pass in quick on lo0
>and you'll also wish pass out quick on lo0

But that's not a reason why port 79 isn't accessible from the outside,
is it?  After all, ssh and ftp connections to the machine are also
let through the filter, and the filter accepts the ruleset without
complaining.
I'll anyway try rewriting the ruleset according to your
recommendations and see if it works out.

>Again though ... I do not see the need to use ipf with such a rulebase.
>Like killing a fly with a cannon. Hosts.deny and allow can help as well.

Except that libwrap isn't used by most software.

--mkb
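To make the ordering question in this thread concrete, here is an added Python model of how ipf walks a ruleset. It is not code from the thread or from IPFilter itself; it only encodes the documented semantics (rules are checked top to bottom, the last matching rule decides, a matching `quick` rule ends evaluation immediately, and the default verdict when nothing matches is pass unless the kernel was built with `IPFILTER_DEFAULT_BLOCK`). The masked network `xxx.xxx.xxx.0/255.255.255.0` is replaced by the documentation prefix 192.0.2.0, `ex0` is a hypothetical external interface, and the packet tuples are constructed. Run against the posted rules, an inbound connection to port 79 from outside is decided by `pass in all`, so the filter itself does not block finger; the model also shows why the suggested `on lo0` form is safer than matching on the 127.0.0.1 source address.

```python
"""Minimal model of IPFilter rule evaluation (added example, not from the thread).

Semantics modelled: rules are checked top to bottom; the LAST matching rule
decides, unless a matching rule carries 'quick', which ends evaluation at once.
Only the syntax used in the posted ruleset is parsed: action, direction,
'quick', 'on <iface>', 'from [!]<src>' (address, address/netmask or any),
'to any' (ignored, always any here) and 'port = N'.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    quick: bool                 # stop evaluating once this rule matches
    iface: Optional[str]        # None: any interface
    src: Optional[IPv4Network]  # None: any source
    src_negated: bool           # '!' in front of the source
    dport: Optional[int]        # None: any destination port
    text: str                   # original rule line, for reporting

    def matches(self, direction, iface, src_ip, dport):
        if self.direction != direction:
            return False
        if self.iface is not None and self.iface != iface:
            return False
        # '!net' matches exactly the addresses that 'net' would not match
        if self.src is not None and (src_ip in self.src) == self.src_negated:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def parse_rule(text):
    t = text.split()
    iface = t[t.index("on") + 1] if "on" in t else None
    src, negated = None, False
    if "from" in t:
        s = t[t.index("from") + 1]
        if s.startswith("!"):
            negated, s = True, s[1:]
        if s != "any":
            src = ip_network(s, strict=False)  # accepts a.b.c.d/m.m.m.m as well
    dport = int(t[t.index("port") + 2]) if "port" in t else None  # 'port = N'
    return Rule(t[0], t[1], "quick" in t, iface, src, negated, dport, text)


def evaluate(rules, direction, iface, src_ip, dport):
    """Return (verdict, index of the deciding rule or None).
    Default verdict is 'pass' (assumed: no IPFILTER_DEFAULT_BLOCK kernel)."""
    verdict, decided_by = "pass", None
    ip = ip_address(src_ip)
    for i, r in enumerate(rules):
        if r.matches(direction, iface, ip, dport):
            verdict, decided_by = r.action, i
            if r.quick:
                break
    return verdict, decided_by


# The posted ruleset, with the masked LAN replaced by a constructed placeholder.
LAN = "192.0.2.0/255.255.255.0"
POSTED = [parse_rule(r) for r in [
    "pass in all",
    "pass out all",
    "pass in quick from 127.0.0.1 to any",
    "block in quick from any to any port = 515",
    f"block in quick from !{LAN} to any port = 111",
    f"block in quick from !{LAN} to any port = 2049",
    f"block in quick from !{LAN} to any port = 6000",
]]

# The interface-based loopback rule suggested in the reply, in place of rule 3.
LO0_VARIANT = [parse_rule("pass in quick on lo0")] + POSTED[3:]

if __name__ == "__main__":
    for pkt in [("in", "ex0", "198.51.100.7", 79),   # finger from outside
                ("in", "ex0", "198.51.100.7", 111),  # portmap from outside
                ("in", "ex0", "192.0.2.5", 111),     # portmap from the LAN
                ("in", "lo0", "127.0.0.1", 515)]:    # lpd over loopback
        v, i = evaluate(POSTED, *pkt)
        print(pkt, "->", v, "by rule", i, repr(POSTED[i].text))
    # A packet claiming 127.0.0.1 but arriving on the external interface:
    # the address-based rule passes it, the 'on lo0' rule does not.
    print(evaluate(POSTED, "in", "ex0", "127.0.0.1", 515))
    print(evaluate(LO0_VARIANT, "in", "ex0", "127.0.0.1", 515))
```

The last two lines of the demo are the reason behind the `pass in quick on lo0` advice: a rule keyed on the source address accepts anything that merely claims to come from 127.0.0.1, whereas a rule keyed on the interface only matches traffic that really arrived on loopback.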