
List:       freebsd-ipfw
Subject:    Re: 4.1.1 rc.firewall
From:       Ruslan Ermilov <ru () sunbay ! com>
Date:       2000-09-29 6:50:13

On Thu, Sep 28, 2000 at 01:48:18PM -0400, Forrest Aldrich wrote:
> Any reason why these rules are repeated (2 times) in /etc/rc.firewall... or 
> is it a typo.
> 
> 
> # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
>          # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
>          # on the outside interface
>          ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
>          ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
>          ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
>          ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
>          ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
> 
They are not repeated twice, they are just broken into two parts, first before NAT,
and second after NAT.

-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

