netbsd-users: Re: ipf problem

Subject: Re: ipf problem
To: None <netbsd-users@netbsd.org>
From: Torsten Sadowski <moehl@akaflieg.extern.tu-berlin.de>
List: netbsd-users
Date: 09/14/2004 14:04:44

As I understand it the following rules allow my intranet access to the
world:
pass out        quick   on ippp0 proto tcp/udp  from 192.168.1.0/8 to any
keep state
pass out        quick   on ippp0 proto icmp     from 192.168.1.0/8 to any
keep state

and I would expect these rules to allow my router access but unfortunately
they don't.
pass out        quick   on ippp0 proto tcp/udp  from 127.0.0.1/32 to any
keep state
pass out        quick   on ippp0 proto icmp     from 127.0.0.1/32 to any
keep state

Is there a possibility to trace the rule processing for packages by the
firewall? ipfstat -t show passing packages but gives no hint about blocked
packages.

Torsten

On Tue, 14 Sep 2004, Manuel Bouyer wrote:

>
> Rules on ippp0 to allow traffic from the router to the internet.
>
> --
> Manuel Bouyer <bouyer@antioche.eu.org>
>      NetBSD: 26 ans d'experience feront toujours la difference
> --
>
>