Subject: RE: IPNat, IPF, and webservers...
To: 'Ignatios Souvatzis' <is@beverly.kleinbus.org>
From: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
List: tech-net
Date: 10/20/2000 14:11:37
Ignatios---
	I'm not an IPF expert, either, and I'm a little worried about
attacks too (considering the limited resources on my home LAN). I've also
just started using this firewall this week. I have yet to read all of the
way through the IPF How-To, for any tips. Do you know of any important stuff
I might need?

---   David A Woyciesjes
---   C & IS Support Specialist
---   Yale University Press
---   mailto:david.woyciesjes@yale.edu
---   (203) 432-0953
---   ICQ # - 905818


-> -----Original Message-----
-> From: Ignatios Souvatzis [mailto:is@beverly.kleinbus.org]
-> Sent: Friday, October 20, 2000 1:31 PM
-> To: David Woyciesjes
-> Cc: 'tech-net@netbsd.org'
-> Subject: Re: IPNat, IPF, and webservers...
-> 
-> 
-> On Fri, Oct 20, 2000 at 10:17:03AM -0400, David Woyciesjes wrote:
-> 
-> > -----IPF.CONF-----
-> > #!/sbin/ipf -f -
-> > #
-> > # Prevent IP spoofing.
-> > pass in quick on ppp0 proto tcp from any to 10.10.10.10/32 port = 80
-> > #
-> > block in quick all with short
-> 
-> Do I read correctly that you block everything but tcp port 80? You should
-> at least allow selected ICMP messages, too (e.g., packet too big needed for
-> path MTU discovery), else some peers won't be able to talk to you, or vice
-> versa.
-> 
-> "But I'm not IPF expert".
-> 
-> Regards,
-> 	-is
->
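As an added illustration of the point Ignatios raises (this is not configuration from either poster), here is an ipf.conf fragment that keeps the "only port 80 in" policy but also admits the ICMP "fragmentation needed" message (type 3, code 4) that path MTU discovery relies on. It assumes the same interface and address as the quoted rules (ppp0, 10.10.10.10/32) and assumes a final default-deny rule, which the quoted excerpt does not show; the ICMP rule type and code numbers are from the ICMP specification, and the `keep state` keyword is standard IPF syntax.

```conf
#!/sbin/ipf -f -
#
# Added example, not the original poster's ipf.conf.
# Rules use "quick" so the first match wins (IPF is last-match by default).
#
# Drop fragments too short to carry a full header before anything else.
block in quick all with short
#
# Path MTU discovery: let "destination unreachable / fragmentation needed"
# (ICMP type 3, code 4) reach the web server so it can lower its MSS/MTU
# instead of retrying forever with packets the path cannot carry.
pass in quick on ppp0 proto icmp from any to 10.10.10.10/32 icmp-type 3 code 4
#
# Web server: allow new connections to port 80 and track them so the
# reply packets are matched by state rather than by separate rules.
pass in quick on ppp0 proto tcp from any to 10.10.10.10/32 port = 80 keep state
#
# Assumed default policy (not shown in the quoted excerpt): deny everything
# else arriving on ppp0 and log it so blocked traffic is visible.
block in log quick on ppp0 all
```

Ordering matters: the ICMP rule has to sit before the final block rule, and limiting it to code 4 admits only the message PMTUD needs rather than all ICMP. Other ICMP types a site decides it wants (for example time-exceeded for traceroute) would be added the same way, one explicit rule per type, so the default-deny stays intact.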