Re: NetBSD Beginners question

["Edson Carlos Ericksson Richter" <edsonrichter%hotmail.com@localhost>]

Thanks, worked like a charm!

Regards,

Edson.

--------------------------------------------------
From: "Cem Kayali / E Ticaret ve Bilisim Teknolojileri" 
<cemkayali%eticaret.com.tr@localhost>
Sent: Wednesday, May 26, 2010 4:01 PM
To: "Edson Carlos Ericksson Richter" <edsonrichter%hotmail.com@localhost>
Cc: <netbsd-users%NetBSD.org@localhost>
Subject: Re: NetBSD Beginners question

> Well, you need to have something similar to this in ipf.conf:
>
> block in all
> pass out keep state
>
>
> Restart ipfilter.
>
> Regards,
> Cem
>
>
> Edson Carlos Ericksson Richter wrote:
> > Hi, all!
> >
> > Resume: Question on how to enable IP filter in my newly installed box.
> >
> > I know this is a very beginner's question, but I'll have to do it.
> > I can't find specific documentation on NetBSD guide about setting up the
> > firewall (there is, for sure, how to configure NAT).
> >
> > Environment: NetBSD running on VirtualPC in WinXP box (I am preparing
> > environment for a complex scenario envolving high availability PostgreSQL
> > databases).
> >
> > ----------------------------------------------------
> > When I run:
> >
> > # ipf -V
> > ipt: IP Filter: v4.1.29 (396)
> > Kernel: IP Filter: v4.1.29
> > Running: yes
> > Log Flags: 0 = none set
> > Default: pass all, Logging: available
> > Active list: 1
> > Feature mask: 0x10e
> >
> > ----------------------------------------------------
> > I have explicit enabled ipfilter in rc.conf:
> >
> > # enable ip filter:
> > ipfilter=YES
> >
> > ----------------------------------------------------
> > But I never get the firewall blocking incoming traffic. My rules are:
> >
> > # cat /etc/ipf.conf
> > pass in log on any all
> > block in log on any all
> >
> > ----------------------------------------------------
> > It's necessary to build a new kernel to do that? Is there no generic 
> > kernel
> > with IPfilter enabled?
> >
> > Thanks for your help,
> >
> > Edson.