Subject: Re: IPNat, IPF, and webservers...
To: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
From: Ignatios Souvatzis <is@beverly.kleinbus.org>
List: tech-net
Date: 10/20/2000 19:31:06

On Fri, Oct 20, 2000 at 10:17:03AM -0400, David Woyciesjes wrote:

> -----IPF.CONF-----
> #!/sbin/ipf -f -
> #
> # Prevent IP spoofing.
> pass in quick on ppp0 proto tcp from any to 10.10.10.10/32 port = 80
> #
> block in quick all with short

Do I read correctly that you block everything but TCP port 80? You should at
least allow selected ICMP messages, too (e.g., packet too big, needed for
path MTU discovery), else some peers won't be able to talk to you, or vice
versa.

"But I'm not an IPF expert".

Regards,
	-is
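
An ipf.conf fragment illustrating the advice in the reply above; it is an added example, not part of the original post or of the quoted configuration. The interface and address are the ones in the quoted rules. Which ICMP types to admit and the closing default-block rule are assumptions. On IPv4 the "packet too big" signal is ICMP destination unreachable (type 3) with code 4.

```conf
# Added example, not from the original post. ppp0 and 10.10.10.10 are the
# values from the quoted ipf.conf; the ICMP selection is an assumption.

# Drop malformed short packets before anything else can match.
block in quick on ppp0 all with short

# Web server traffic, as in the quoted configuration.
pass in quick on ppp0 proto tcp from any to 10.10.10.10/32 port = 80

# Path MTU discovery: "fragmentation needed and DF set" is ICMP
# destination unreachable (type 3), code 4. Without it, large replies
# from the web server can stall on paths with a smaller MTU.
pass in quick on ppp0 proto icmp from any to any icmp-type unreach code 4

# Time exceeded, so the host learns about TTL expiry and reassembly timeouts.
pass in quick on ppp0 proto icmp from any to any icmp-type timex

# Assumed default for this interface: block whatever was not passed above,
# including all other ICMP types.
block in quick on ppp0 all
```

Because every rule uses `quick`, the first match decides, so the specific ICMP pass rules must stay above the final block rule.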