Subject: ipfilter changes in 1.4.2
To: None <email@example.com>
From: Scott Bartram <firstname.lastname@example.org>
Date: 04/23/2000 22:58:40
I just upgraded a router box from 1.4 to 1.4.2. This system has been
running fine for well over a year using ipf and ipnat. The ipf inbound
rules used to filter using the static PPP address obtained from the ISP.
Now it seems that NAT is done before filtering.
a) Is it true that NAT is now done pre-filter? Based on the ipfilter website
it appears to be the case.
b) This seems more likely to open holes since I have to write rules that
allow packets through that have my internal (private) addresses as the
destination or am I missing something?