Subject: Re: ipf.conf rulesets for outside firewall.
To: Alicia da Conceicao <alicia@cyberstation.ca>
From: Rene Hexel <rh@idle.trapdoor.vip.at>
List: port-i386
Date: 01/06/2000 15:00:52

Alicia da Conceicao wrote:

> trick, and restrict access from the outside.  These rules unfortunately
> do not allow the internal lan or the firewall server itself to access
> the outside Internet.  When logged into the firewall, I cannot ping the
> outside, or make tcp socket connections either.

  This is because you use stateless rules for outgoing connections. 
Thus, any reply packets will be dropped by the 'incoming' rules.  If you
use 'keep state' for your outgoing rules as well, this problem should go
away ...

  Cheers
      ,
   Rene
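
Added example, not part of the message above or of the original poster's ruleset: a constructed ipf.conf fragment contrasting a stateless outbound rule with the 'keep state' form the reply recommends. The interface name ne0 is an assumption; substitute the firewall's outside interface.

```conf
# --- Before (constructed, stateless): shown commented out ---------------
# Outbound packets leave, but their replies arrive as ordinary inbound
# packets, match "block in", and are dropped. Ping and TCP connects from
# the firewall or the LAN therefore hang.
#
#   block in  on ne0 all
#   pass  out on ne0 all

# --- After: stateful outbound rules --------------------------------------
# Default-deny everything arriving on the outside interface.
block in on ne0 all

# Each outbound flow creates a state table entry. ipf consults the state
# table before the rule list, so replies belonging to these flows are let
# in without any explicit "pass in" rule.
pass out quick on ne0 proto tcp  from any to any flags S keep state
pass out quick on ne0 proto udp  from any to any keep state
pass out quick on ne0 proto icmp from any to any keep state

# Anything outbound that did not match a stateful rule above is dropped,
# e.g. TCP packets that are not the start of a new connection.
block out on ne0 all
```

After loading the ruleset, `ipfstat -io` lists the active rules with their hit counts and `ipfstat -s` shows the state table statistics, which confirms that outbound connections are creating state.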