Subject: Re: Question about IPFilter and local connections being refused.
To: None <netbsd@purk.ee>
From: Sean J. Schluntz <schluntz@workofstone.com>
List: netbsd-help
Date: 04/09/2002 12:02:51
In message <1343.192.168.3.200.1018378614.squirrel@orav.purk.ee>, netbsd@purk.ee writes:
>u have rules that allow incoming traffic to certain ports like
>22,143...so on....the first line seems weird:) if u put it at the end
>of rules...then u blocking all unwanted packets?:)
>i have kinda same rules...i allow packets to 80,22,25,143,443..and
>others including icmp are blocked...it works for me:)

IPFilter uses last match instead of first match, so the first rule of
drop all is a catch all rule that only takes effect if no other rule
matches the packet.

See: http://www.netbsd.org/Documentation/network/nsps/config_ipf.html

-Sean
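
Added example, not part of the original message: a minimal Python model of the last-match evaluation described above, compared with first-match evaluation. The Rule class, the rulesets and the port 8080 probe are constructed for illustration; `quick` is IPFilter's keyword for stopping at the first matching rule, and the default-pass fallback is an assumption of this model.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    port: Optional[int] = None  # None matches any destination port ("all")
    quick: bool = False         # models IPFilter's "quick" keyword

    def matches(self, dport: int) -> bool:
        return self.port is None or self.port == dport


def ipf_decide(rules: List[Rule], dport: int, default: str = "pass") -> str:
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    verdict = default  # assumption: nothing matched means the default policy
    for rule in rules:
        if rule.matches(dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def first_match_decide(rules: List[Rule], dport: int, default: str = "pass") -> str:
    """First matching rule wins, as in first-match packet filters."""
    for rule in rules:
        if rule.matches(dport):
            return rule.action
    return default


# Constructed rulesets modelled on the thread: block everything, allow 22 and 143.
BLOCK_FIRST = [Rule("block"), Rule("pass", 22), Rule("pass", 143)]
BLOCK_LAST = [Rule("pass", 22), Rule("pass", 143), Rule("block")]
BLOCK_LAST_QUICK = [Rule("pass", 22, quick=True),
                    Rule("pass", 143, quick=True),
                    Rule("block")]

if __name__ == "__main__":
    for name, rules in [("block first", BLOCK_FIRST),
                        ("block last", BLOCK_LAST),
                        ("block last + quick", BLOCK_LAST_QUICK)]:
        for dport in (22, 143, 8080):
            print(f"{name:20} port {dport:5}: "
                  f"last-match={ipf_decide(rules, dport):5} "
                  f"first-match={first_match_decide(rules, dport)}")
```

With last-match evaluation, moving the block-all rule to the end blocks ports 22 and 143 as well, unless the pass rules are marked `quick`.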