Subject: Re: IPFiler ( ipf ) for dial-up and LAN
To: zuan . <gillham@vaultron.com>
From: Eric Delcamp <e.delcamp@wanadoo.fr>
List: port-i386
Date: 04/11/2002 15:58:11
From my test bench firewall, a work in progress (I'm testing some rules and
their ordering):
-----
# Prevent IP spoofing
block in quick all with short

# Private networks
block in quick on ppp0 from 192.168.0.0/16 to any
block in quick on ppp0 from 172.16.0.0/12 to any
block in quick on ppp0 from 10.0.0.0/8 to any

# Some proprietary networks
block in quick on ppp0 from 127.0.0.0/8 to any
block in quick on ppp0 from 0.0.0.0/8 to any
block in quick on ppp0 from 169.254.0.0/16 to any
block in quick on ppp0 from 192.0.2.0/24 to any
block in quick on ppp0 from 204.152.64.0/23 to any
block in quick on ppp0 from 224.0.0.0/3 to any

# Last rule, I don't know why it's here...
pass in on ex1 proto tcp from 192.168.0.0/24 to 192.168.0.1
-----
This is a basic set of rules, nothing that prevents anything serious. The
last rule is strange, maybe something left over from an old version of the rules
(at least 192.168.0.0/24 should be 192.168.0.0/16).
You should add your own rules to hide your firewall from the outside world.

BTW, any comments on these rules are welcome.

----- Original Message -----
From: "zuan ." <me_izwan@hotmail.com>
To: <gillham@vaultron.com>
Cc: <port-i386@netbsd.org>
Sent: Thursday, April 11, 2002 2:42 PM
Subject: Re: IPFiler ( ipf ) for dial-up and LAN


> What about ipf.conf?
> I tried to make some rules but it ended up blocking my LAN from accessing the
> internet,
> so right now I only have this:
>
> pass in quick on rtk0 all
> pass out quick on rtk0 all
>
> pass in quick on ppp0 all
> pass out quick on ppp0 all
>
> pass in quick on lo0 all
> pass out quick on lo0 all
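An added example to go with the rule sets above (this is my own code, not code from
either post or from the IPFilter project): a small Python simulator of ipf's rule
matching, so you can see which packets a set actually blocks before loading it.
ipf scans the rules in order and the last matching rule wins, except that a matching
"quick" rule ends the scan; a packet that matches no rule is passed by default. The
simulator assumes two corrections to the posted rules, 172.160.0.0/12 read as the
private block 172.16.0.0/12 and "to any" added to the 224.0.0.0/3 line. The Rule and
Packet names and the sample packets are my own, constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed input: the rule set from the message above, with two assumed
# corrections (172.160.0.0/12 -> 172.16.0.0/12, "to any" on the 224/3 rule).
RULES_TEXT = """
# Prevent IP spoofing
block in quick all with short

# Private networks
block in quick on ppp0 from 192.168.0.0/16 to any
block in quick on ppp0 from 172.16.0.0/12 to any
block in quick on ppp0 from 10.0.0.0/8 to any

# Some proprietary networks
block in quick on ppp0 from 127.0.0.0/8 to any
block in quick on ppp0 from 0.0.0.0/8 to any
block in quick on ppp0 from 169.254.0.0/16 to any
block in quick on ppp0 from 192.0.2.0/24 to any
block in quick on ppp0 from 204.152.64.0/23 to any
block in quick on ppp0 from 224.0.0.0/3 to any

# Last rule
pass in on ex1 proto tcp from 192.168.0.0/24 to 192.168.0.1
"""


@dataclass
class Rule:
    action: str                 # "block" or "pass"
    direction: str              # "in" or "out"
    quick: bool = False         # stop scanning when this rule matches
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None   # None means "any"
    dst: Optional[ipaddress.IPv4Network] = None
    short: bool = False         # "with short": only short fragments match


@dataclass
class Packet:                   # hypothetical packet summary for the simulator
    direction: str
    iface: str
    src: str
    dst: str
    proto: str = "tcp"
    short: bool = False         # fragment too short to hold its headers


def _net(token: str) -> Optional[ipaddress.IPv4Network]:
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one ipf rule in the subset of syntax used above."""
    toks = line.split()
    rule = Rule(action=toks[0], direction=toks[1])
    i = 2
    while i < len(toks):
        t = toks[i]
        if t == "quick":
            rule.quick = True
            i += 1
        elif t == "all":                 # shorthand for "from any to any"
            i += 1
        elif t in ("on", "proto", "from", "to", "with"):
            arg = toks[i + 1]
            if t == "on":
                rule.iface = arg
            elif t == "proto":
                rule.proto = arg
            elif t == "from":
                rule.src = _net(arg)
            elif t == "to":
                rule.dst = _net(arg)
            elif arg == "short":
                rule.short = True
            else:
                raise ValueError(f"unsupported option 'with {arg}' in: {line}")
            i += 2
        else:
            raise ValueError(f"unsupported token {t!r} in: {line}")
    return rule


def parse_rules(text: str) -> list:
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.iface in (None, pkt.iface)
            and rule.proto in (None, pkt.proto)
            and (pkt.short or not rule.short)
            and (rule.src is None or ipaddress.ip_address(pkt.src) in rule.src)
            and (rule.dst is None or ipaddress.ip_address(pkt.dst) in rule.dst))


def evaluate(rules: list, pkt: Packet) -> Tuple[str, Optional[int]]:
    """ipf semantics: scan in order, the last matching rule wins, except that a
    matching "quick" rule ends the scan.  With no match the default is pass.
    Returns (verdict, index of the deciding rule or None)."""
    verdict, hit = "pass", None
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict, hit = rule.action, idx
            if rule.quick:
                break
    return verdict, hit


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for pkt in (Packet("in", "ppp0", "10.1.2.3", "80.1.1.1"),       # spoofed private source
                Packet("in", "ppp0", "1.2.3.4", "80.1.1.1"),        # ordinary inbound, no rule hits
                Packet("in", "ppp0", "1.2.3.4", "80.1.1.1", short=True),
                Packet("in", "ex1", "192.168.0.5", "192.168.0.1")):
        print(pkt, "->", evaluate(rules, pkt))
```

Two things it shows: an inbound packet from an ordinary public address on ppp0 comes back as
pass with no rule hit, which is what "nothing that prevents anything serious" means in
practice, and if you feed it the 172.160.0.0/12 line as originally written, a packet from
172.20.0.1 is not matched at all, so that whole private block would slip past the
anti-spoofing set. Run the real thing through ipf -n -f /etc/ipf.conf before loading it so
syntax errors show up without touching the running kernel.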