Subject: New NetBSD user - using ipfilter
To: None <>
From: Gwilym Evans <>
List: tech-net
Date: 01/20/2001 10:47:26

	Must say I rather like NetBSD so far, just using (most) of the default
setup for a nat through ppp router and I'm just wondering if the following
is possible through ip filters (well, it is, I just don't know how :))

	I'm currently using hosts.deny to tell anything incoming to get stuffed but
of course the port itself still lies open. I'd like a way of making it seem
like every port is closed to the outside world. I realise that some will be
left in a filtered state due to nat sessions, that's ok. It's mainly for the
low numbered service ports.

	FYI- my LAN addys are 192.168.0.x and NIC if is le0. Needless to say my
dialup if is ppp0 ;)

	I tried 'block in quick on ppp0 all keep state' but um... I guess I'm a
little off track. Had to disable/enable filtering to get my connectivity
back :D
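
An added example, not part of the original post: an `ipf.conf` sketch contrasting the rule tried above with a stateful ruleset that answers unsolicited inbound traffic the way a closed port would. The interface names `ppp0` and `le0` and the 192.168.0.x LAN come from the post; the /24 netmask, the trust given to the LAN side and the file path are assumptions.

```conf
# /etc/ipf.conf (assumed path) -- added example, not the poster's ruleset.
#
# The rule tried in the post:
#   block in quick on ppp0 all keep state
# "quick" stops rule processing at the first match, so every packet arriving
# on ppp0 is dropped, including replies to connections the LAN opened.
# No rule created state for outbound traffic, so nothing lets replies back in.

# Loopback and the LAN side are trusted (assumption).
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on le0 from 192.168.0.0/24 to any
pass out quick on le0 all

# Outbound on the dialup link: "keep state" records each new flow, and
# packets matching a state entry are passed before the rules are consulted.
pass out quick on ppp0 proto tcp  from any to any flags S keep state
pass out quick on ppp0 proto udp  from any to any keep state
pass out quick on ppp0 proto icmp from any to any keep state
block out quick on ppp0 all

# Unsolicited inbound on the dialup link: reply as a closed port would
# (TCP RST, ICMP port-unreachable for UDP) instead of silently dropping,
# so the low-numbered service ports scan as closed rather than filtered.
block return-rst in quick on ppp0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in quick on ppp0 proto udp from any to any
block in quick on ppp0 all
```

The ruleset can be loaded with `ipf -Fa -f /etc/ipf.conf`, which flushes the active rules before reading the file.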