Subject: Re: IPF Configuration
To: None <netbsd-help@NetBSD.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: netbsd-help
Date: 10/28/2003 19:12:51
Hi

Further to previous attempts where Rasputin helped me out :)

I've now got something that is better.  However,  I find that when I
started downloading e-mail or web pages or packages for a workstation
that is attached to the network then the net connection drops away and
then comes back up again a few seconds later.  This has the effect of
stopping e-mail, web pages and anything else dead in its tracks.  I
have to do a Ctrl-c on a workstation and restart all over again.
Not only that, it happens every two or three e-mails or so.  Very
frustrating.

I need to get away from this situation.  As you can see below I have
allowed in at port 80, 20 and 113 some tcp.  But, I think this has not
been done in the way that it should be done.

Can anyone help me to sort out the last part of IPF.conf so that I can
get the whole thing to work properly ?

#  Security policy
#
block in log all

#  Loopback policy: Completely open
#
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 0
pass in quick on ippp0 proto icmp from any to 192.168.1.0/24 icmp-type 11
pass in quick on ippp0 proto tcp from any to 192.168.1.0/24 port = 113 flags S keep state
pass in quick on ippp0 proto tcp from any to 192.168.1.0/24 port = 20 flags S keep state
pass in quick on ippp0 proto tcp from any to 192.168.1.0/24 port = 80 flags S keep state
#  Large pile of IANA stuff in here ... for example..
block in log quick from 37.0.0.0/8 to any

#  then more of it and then
#  Rasputin's state rules
#
pass out on ippp0 proto tcp/udp from any to any keep state
pass out on ippp0 proto icmp from any to any
pass out on ippp0 proto icmp from any to any icmp-type 8 keep state
pass in all

-- 
Richard
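The ruleset above relies on IPFilter's evaluation order: the last matching rule wins unless a matching rule says `quick`, so a trailing `pass in all` without `quick` silently undoes `block in log all` for every inbound packet the quick rules did not already decide. The following simulator of that last-match/quick logic, run over a subset of the posted rules, is an added illustration and not part of the original message; it assumes a simplified rule grammar and constructed packets.

```python
import ipaddress
import re

# Constructed subset of the ruleset posted above, in ipf.conf syntax
# (log / flags / keep state are accepted by the parser but not simulated).
RULESET = """
block in log all
pass in quick on lo0 all
pass in quick on ippp0 proto tcp from any to 192.168.1.0/24 port = 80 flags S keep state
block in log quick from 37.0.0.0/8 to any
pass out on ippp0 proto tcp/udp from any to any keep state
pass in all
"""

def parse_rule(line):
    """Reduce one ipf rule to its match criteria (simplified grammar)."""
    toks = line.split()
    rule = {"action": toks[0], "dir": toks[1], "quick": "quick" in toks}
    rule.update({k: toks[toks.index(k) + 1] for k in ("on", "proto") if k in toks})
    if m := re.search(r"from (\S+) to (\S+)", line):
        rule["src"], rule["dst"] = m.groups()
    if m := re.search(r"port = (\d+)", line):
        rule["dport"] = int(m.group(1))
    return rule

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def rule_match(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    if rule["dir"] != pkt["dir"] or rule.get("on", pkt["iface"]) != pkt["iface"]:
        return False
    if pkt["proto"] not in rule.get("proto", pkt["proto"]).split("/"):
        return False
    if "src" in rule and not (addr_match(rule["src"], pkt["src"])
                              and addr_match(rule["dst"], pkt["dst"])):
        return False
    return rule.get("dport", pkt.get("dport")) == pkt.get("dport")

def decide(ruleset, pkt):
    """ipf semantics: the LAST matching rule wins, unless a match says 'quick' (then stop)."""
    verdict = "pass"  # ipf passes packets that match no rule at all
    for line in filter(str.strip, ruleset.splitlines()):
        rule = parse_rule(line)
        if rule_match(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict
```

Feeding it a constructed unsolicited inbound TCP packet to port 22 on ippp0 returns `pass` with the final `pass in all` present and `block` once that line is removed, while the quick port-80 and 37/8 rules decide their packets either way.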