Subject: Re: ipf rules for NAT with non-trusted private net
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Daniel Eggert <danieleggert@mac.com>
List: netbsd-help
Date: 11/19/2002 00:16:14
 
On Monday, Nov 18, 2002, at 10:47PM, Manuel Bouyer <bouyer@antioche.eu.org> wrote:

>On Mon, Nov 18, 2002 at 01:22:19AM -0800, Daniel Eggert wrote:
>> I'm running NAT and have a private subnet 192.168.0.0/24, but in contrast to the case usually described in the documentation, my private subnet is _not_ trusted.
>> 
>> My question: How should I set up my ipf rules for the nic that connects the 192.168.0.0/24 network? I want to allow all traffic to my ISP, but nothing to my NetBSD box.
>> 
>> I have set up the rules to block all unwanted traffic coming in from my ISP. That part works like a charm.
>
>Just do the same on the other part: copy the rules, change the interface
>name and IP address.
>

OK, maybe it's just too simple, but I thought that if I block packets going in on my private network, nothing from the private network would be able to pass out to my ISP. Are NAT and routing done before IPF (and hence pass by those ipf.conf rules)?

Where would I find more info about how exactly IPNAT and IPF fit together? The 'standard' ipf documentation doesn't give much info about this.

Thanks,

Daniel
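As an added illustration that is not part of the original thread, here is what "copy the rules, change the interface name and IP address" can look like for the untrusted side: an ipf.conf fragment for the internal NIC that drops anything the private subnet addresses to the gateway itself, while passing forwarded traffic so it can be routed out and NATed on the ISP interface (traffic arriving from the LAN is filtered on the inside interface before routing, so a plain "block in" there would indeed stop forwarded packets). Assumed names: fxp1 with address 192.168.0.1 for the internal interface, fxp0 for the ISP side with the constructed sample address 203.0.113.5.

```conf
# ipf.conf fragment for the internal (untrusted) interface only.
# Assumptions (constructed for this example): fxp1 = internal NIC with
# 192.168.0.1, fxp0 = ISP NIC with 203.0.113.5. Rules use "quick" so the
# first match wins; order therefore matters.

# Anything the private net sends to the gateway itself is dropped and logged,
# whether it is addressed to the inside address, the ISP-side address or the
# subnet broadcast address.
block in log quick on fxp1 from 192.168.0.0/24 to 192.168.0.1
block in log quick on fxp1 from 192.168.0.0/24 to 203.0.113.5
block in log quick on fxp1 from 192.168.0.0/24 to 192.168.0.255

# Everything else that arrives on fxp1 with a legitimate private source is
# destined elsewhere: it is routed out fxp0 and translated by ipnat there.
# "keep state" lets the replies come back in on fxp0 and out fxp1 without
# needing matching pass rules on either side.
pass in quick on fxp1 proto tcp from 192.168.0.0/24 to any flags S keep state
pass in quick on fxp1 proto udp from 192.168.0.0/24 to any keep state
pass in quick on fxp1 proto icmp from 192.168.0.0/24 to any keep state

# Anything left (spoofed sources, other protocols) is dropped and logged.
block in log quick on fxp1 all

# Nothing should originate from the gateway toward the untrusted net; replies
# to connections the LAN opened are already covered by the state table.
block out log quick on fxp1 all
```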