natd and open firewall problem
Devon H. O'Dell
dodell at sitetronics.com
Sat Feb 26 07:23:38 PST 2005
On Sat, 2005-02-26 at 15:11 +0000, Andreas Hauser wrote:
> justin wrote @ Sat, 26 Feb 2005 09:08:53 -0500 (EST):
>
> > > ${fwcmd} add 1 pass all from any to any
>
> Yes, remove the 1.
>
> > case ${firewall_type} in
> > [Oo][Pp][Ee][Nn])
> > setup_loopback
> > ${fwcmd} add 65000 pass all from any to any
> > ;;
> >
> > Andreas - it looks like your last changeset is where the "add 1 ..." rule
> > came from. Why did it go from rule 65000 to 1? Any objection to me
> > changing it back?
>
> My rationale was that if something goes wrong, e.g. some
> other script also adding rules, it will still stay open.
> Also if you later add rules you can figure them out entirely
> and then activate them by removing rule 1.
I think that it should be left at 65000. This is the behavior in
FreeBSD, and people should use
the /usr/share/examples/ipfw/change_rules.sh script to modify their
post-boot ruleset safely, anyway (I think).
--Devon
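The point of the disagreement above is ipfw's first-match semantics: a `pass all from any to any` at rule 1 matches every packet before any later rule (a natd `divert` rule included) is consulted, so everything after it is dead, whereas at 65000 it only catches what no earlier rule decided. The script below is an added example and is not part of the thread or of rc.firewall: it reads an `ipfw list`-style listing (rule number, action, body per line) and reports the rules that are shadowed by the first unconditional pass-all rule. The two rulesets, the interface name `fxp0` and the use of natd's default divert port 8668 are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the mailing list thread): find ipfw rules that can
# never match because an earlier unconditional "pass all from any to any"
# rule short-circuits first-match evaluation.
#
# Input format assumed: one rule per line as 'ipfw list' prints it,
# "<number> <action> <proto> from <src> to <dst> [options...]".

# Constructed sample rulesets. The first mirrors the "add 1 pass all" case
# under discussion; the second keeps the catch-all at 65000.
RULESET_RULE1='00001 pass all from any to any
00050 divert 8668 ip from any to any via fxp0
00100 deny ip from any to 127.0.0.0/8
65000 pass all from any to any'

RULESET_65000='00050 divert 8668 ip from any to any via fxp0
00100 deny ip from any to 127.0.0.0/8
65000 pass all from any to any'

# shadowed_rules RULESET
# Prints the numbers of every rule listed after the first unconditional
# pass-all rule. "allow", "accept" and "permit" are ipfw synonyms for "pass",
# and "ip" is a synonym for "all"; a rule with extra options (e.g. "via fxp0",
# NF > 7) is not unconditional and does not count.
shadowed_rules() {
  printf '%s\n' "$1" | awk '
    $2 == "allow" || $2 == "accept" || $2 == "permit" { $2 = "pass" }
    $3 == "ip" { $3 = "all" }
    seen { print $1; next }
    NF == 7 && $2 == "pass" && $3 == "all" &&
      $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" { seen = 1 }
  '
}

# shadowed_count RULESET
# Number of shadowed rules; 0 means the catch-all is last, as intended.
shadowed_count() {
  shadowed_rules "$1" | wc -l | tr -d ' '
}

# Usage: with the catch-all at rule 1, the divert and deny rules are dead.
echo "shadowed with 'add 1 pass all':"
shadowed_rules "$RULESET_RULE1"
echo "shadowed with 'add 65000 pass all': $(shadowed_count "$RULESET_65000")"
```

Run against real output with `shadowed_rules "$(ipfw list)"`; any rule number it prints is one that natd or a later deny will never see, which is the failure mode Justin ran into.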