Subject: Re: New IP filter code
To: None <tech-net@NetBSD.ORG, tech-security@NetBSD.ORG>
From: Michael Richardson <email@example.com>
Date: 04/01/1997 23:30:45
I worked out the problems with the filters by putting

    sysctl -w net.inet.ip.forwarding=0

at the top of /etc/netstart, and reenabled ipforwarding
after installing my filters. I'd like to see the kernel boot with all
forwarding off, and block all if ipfiltering is configured. If you
want to pass things, you can do "ipf -D"
If you built with IP filtering, then you probably wanted
I'm still having troubles getting DNS *responses* in that aren't to
port 53. I had expected the syntax to include definitions for source
and destination ports. I've asked that question on the filtering list.
:!mcr!: | Network security consulting and
Michael Richardson | contract programming
WWW: firstname.lastname@example.org. PGP key available.