netbsd-help: Re: IPF Configuration

Subject: Re: IPF Configuration
To: None <netbsd-help@NetBSD.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: netbsd-help
Date: 06/26/2004 16:40:34

Hi

Think I have to ask another question about IPF syntax.

Looking further into my own IPF configuration I find that I would like 
to understand some more about the syntax. If I have a rule which says 
for example....

block in log quick on ippp0 proto tcp from any to 10.0.0.0/24 port 136 >< 140

where 10.0.0.0/24 is an internal network or is it better to write it 
this way around ? .........

block in log quick on ippp0 proto tcp from any to any port 136 >< 140

Similarly if I were to use some of the IANA address ranges.. is 
this...

block in log quick on ippp0 from 7.0.0.0/8 to 10.0.0.0/24 

better than using this..

block in log quick on ippp0 from 7.0.0.0/8 to any

 remembering that this is a dial up ISDN firewall box with proxying 
enabled.

Regards





Richard