Subject: Re: ipfilter question
To: Pavel Trubl <trubl@katel.cz>
From: Quentin Garnier <netbsd@quatriemek.com>
List: netbsd-users
Date: 05/11/2003 19:09:52
On Sun, 11 May 2003 19:02:25 +0200
Pavel Trubl wrote:
[...]
> ## block all ##
> block in log all
> block out log all
[...]
> ## TCP ##
> pass out proto tcp from any to any keep state
> # pass in proto tcp from any to any keep state
> 
> 
> When I start ipfilter, it writes to the log:
> IP Filter: v3.4.27 initialized.  Default = pass all, Logging = enabled
> 
> 
> 1. Why default = pass all? My first rules are 'block'.

The default rule is the in-kernel first rule for IPFilter. When you haven't
loaded any rules (between ipf -E and ipf -f), IPFilter uses it to decide
whether it should let packets through or not.

It is still used once rules are loaded, to cover all possible cases.

> 2. All traffic is available with these rules. But I have not defined
> 'pass in' for tcp/udp.
>    How does the rule allow incoming packets to my PC?

'keep state' makes IPFilter aware of connections and pseudo-connections,
so it will open inbound ports according to the outgoing traffic.

-- 
Quentin Garnier - cube@cubidou.net
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground ?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
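
As an added example that is not part of the original thread, here is a complete stateful /etc/ipf.conf written along the lines Quentin describes: block everything by default, let the host initiate traffic with 'keep state', and rely on the state table rather than 'pass in' rules for the replies. The interface name ne0 and the single offered service (ssh on port 22) are assumptions for the example.

```conf
# Added example, not from the original posting. Assumes the outside
# interface is "ne0"; substitute your own.
#
# IPFilter walks the rules top to bottom and the LAST matching rule wins
# unless a rule says "quick". The default blocks are therefore written
# first and without "quick", so later "pass" rules can override them.
# State-table lookups happen before any rule is consulted, which is why
# replies to "keep state" traffic are admitted without a "pass in" rule.

# Loopback is always fine.
pass in quick on lo0 all
pass out quick on lo0 all

# Drop and log anything no later rule claims.
block in log all
block out log all

# Outbound: this host may start TCP connections, UDP exchanges and ICMP
# requests. "keep state" creates a state entry that lets the matching
# replies back in. "flags S/SA" means only a SYN (not SYN+ACK) may
# create the entry, so a stray ACK cannot open a hole.
pass out quick on ne0 proto tcp from any to any flags S/SA keep state
pass out quick on ne0 proto udp from any to any keep state
pass out quick on ne0 proto icmp from any to any keep state

# Inbound: only what this host explicitly offers. Everything else is
# caught by "block in log all" above.
pass in quick on ne0 proto tcp from any to any port = 22 flags S/SA keep state
```

Load it with `ipf -Fa -f /etc/ipf.conf`, list the active rules with `ipfstat -io`, and watch entries appear in the state table with `ipfstat -s` while a connection is open. The "Default = pass all" in the startup banner refers to the built-in policy that applies to packets no loaded rule matches; on NetBSD it is a kernel build option (`options IPFILTER_DEFAULT_BLOCK` flips it to block), so the explicit `block ... all` rules above are what actually close the gap on a stock kernel.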