Subject: Re: something strange with mbuf length...
To: Konstantin KABASSANOV <Konstantin.Kabassanov@lip6.fr>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 04/22/2006 11:37:53
On Sat, 22 Apr 2006 16:22:50 +0200, "Konstantin KABASSANOV"
<Konstantin.Kabassanov@lip6.fr> wrote:

>
> > My lockups are unrelated. I'm using neither ath0, ppp0 or any packet
> > filter. Rate of occurrence is several times per day.
> > 
> 
> Is your host forwarding ip traffic between different interfaces, or does it
> use libpcap?
> 
Here's my rule set:

	pass in quick on lo0 from any to any

	block in quick from any to any port = 7911
	block in quick from any to any port = 8010
	block out quick from any to any port = 5222
	pass in all

7911 is because I sometimes play with OMAPI, 8010 is to block the file
transfer ability of pkgsrc/chat/psi, and 5222 is to work around a bad
misfeature in earlier versions of psi.

When I'm using ppp over my EVDO card, I add something like these rules in
an ip-up script and delete them in ip-down; the purpose is to prevent the
machine from emitting packets with an incorrect IP address over that link.

	block return-icmp out log on ppp0 from any to any
	block return-rst out log on ppp0 proto tcp from any to any
	pass out on ppp0 from 70.217.43.30 to any

The exact IP address changes, of course.  (This isn't the thread to
describe the problems several of us have had with EVDO cards; Greg Troxel
had the insight that this would help.  While it clearly isn't the whole
explanation, it has helped a lot.  Contact me offlist for details.)

That's it; there are no other rules, interfaces, NAT, etc.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
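
The ip-up/ip-down arrangement described in the message above, sketched as an added example; it is not part of the original post and is not the author's script. It assumes pppd's usual argument order for these scripts (interface name as `$1`, local IP address as `$4`) and that the file is installed as `ip-up` and linked as `ip-down`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (assumption): install as /etc/ppp/ip-up, link as /etc/ppp/ip-down.
# Assumed pppd argument order: $1 = interface name, $4 = local IP address.

# Succeed only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the three ipf rules for one link. ipf uses the last matching rule
# unless "quick" is given, so the final "pass" overrides the two blocks
# only for packets carrying the address assigned to this link.
egress_rules() {
    ifname=$1
    addr=$2
    # Refuse anything that could smuggle extra rule text into ipf.
    case "$ifname" in ""|*[!a-z0-9]*) return 1 ;; esac
    valid_ipv4 "$addr" || return 1
    printf 'block return-icmp out log on %s from any to any\n' "$ifname"
    printf 'block return-rst out log on %s proto tcp from any to any\n' "$ifname"
    printf 'pass out on %s from %s to any\n' "$ifname" "$addr"
}

# Both names use the same generator, so ip-down removes the same rule
# text that ip-up loaded. "ipf -f -" reads rules from stdin; "-r" removes.
case "${0##*/}" in
    ip-up)   rules=$(egress_rules "$1" "$4") && printf '%s\n' "$rules" | ipf -f - ;;
    ip-down) rules=$(egress_rules "$1" "$4") && printf '%s\n' "$rules" | ipf -rf - ;;
esac
```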