natd and open firewall problem

Devon H. O'Dell dodell at sitetronics.com
Sat Feb 26 07:23:38 PST 2005


On Sat, 2005-02-26 at 15:11 +0000, Andreas Hauser wrote:
> justin wrote @ Sat, 26 Feb 2005 09:08:53 -0500 (EST):
> 
> > >          ${fwcmd} add 1 pass all from any to any
> 
> Yes, remove the 1.
> 
> > case ${firewall_type} in
> > [Oo][Pp][Ee][Nn])
> > 	setup_loopback
> > 	${fwcmd} add 65000 pass all from any to any
> > 	;;
> > 
> > Andreas - it looks like your last changeset is where the "add 1 ..." rule
> > came from.  Why did it go from rule 65000 to 1?  Any objection to me
> > changing it back?
> 
> My rationale was that if something goes wrong, e.g. some
> other script also adding rules, it will still stay open.
> Also if you later add rules you can figure them out entirely
> and then activate them by removing rule 1.

I think that it should be left at 65000. This is the behavior in
FreeBSD, and people should use
the /usr/share/examples/ipfw/change_rules.sh script to modify their
post-boot ruleset safely, anyway (I think).

--Devon
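The disagreement above comes down to ipfw's first-match evaluation: rules are tried in ascending number order and the first one that matches decides. A "pass all" rule at number 1 therefore matches every packet before any rule added later at a higher number is ever consulted, so the box stays wide open no matter what another script installs; the same rule at 65000 only catches traffic that nothing earlier has already decided. The following model is an added example, not code from this thread or from rc.firewall; it assumes a kernel whose implicit default rule 65535 denies (a build without IPFIREWALL_DEFAULT_TO_ACCEPT), and the hypothetical "block inbound telnet" rule at number 100 stands in for whatever a later script might add.

```python
from typing import Dict, List, Optional, Tuple

# Added example: a minimal model of ipfw first-match semantics, enough to show
# why "add 1 pass all" and "add 65000 pass all" behave differently once other
# rules are added later. Not the real ipfw parser or the rc.firewall script.


class Rule:
    def __init__(self, number: int, action: str, proto: str = "all",
                 src: str = "any", dst: str = "any",
                 dport: Optional[int] = None) -> None:
        self.number = number      # ipfw rule number, 1..65535
        self.action = action      # "pass" or "deny"
        self.proto = proto        # "all" or a protocol name such as "tcp"
        self.src = src            # "any" or a single source address
        self.dst = dst            # "any" or a single destination address
        self.dport = dport        # None matches any destination port


def matches(rule: Rule, pkt: Dict[str, object]) -> bool:
    """True when every selector on the rule matches the packet."""
    if rule.proto != "all" and rule.proto != pkt["proto"]:
        return False
    if rule.src != "any" and rule.src != pkt["src"]:
        return False
    if rule.dst != "any" and rule.dst != pkt["dst"]:
        return False
    if rule.dport is not None and rule.dport != pkt.get("dport"):
        return False
    return True


def evaluate(rules: List[Rule], pkt: Dict[str, object]) -> Tuple[str, int]:
    """ipfw semantics: walk rules in ascending number order, first match wins.

    Returns (action, rule_number). If nothing matches, the implicit default
    rule 65535 applies; this model assumes it denies (assumption: the kernel
    was not built with IPFIREWALL_DEFAULT_TO_ACCEPT).
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action, rule.number
    return "deny", 65535


def open_ruleset(pass_all_number: int) -> List[Rule]:
    """The 'open' firewall_type: a single pass-all rule at the given number
    (the thread debates placing it at 1 versus 65000)."""
    return [Rule(pass_all_number, "pass")]


def add_later_rule(rules: List[Rule], number: int = 100) -> List[Rule]:
    """Hypothetical rule another script adds after boot: deny inbound
    tcp to port 23. Rule number 100 is a constructed value."""
    rules.append(Rule(number, "deny", proto="tcp", dport=23))
    return rules


def compare_placements() -> Dict[int, Tuple[str, int]]:
    """Run the same later-added deny rule against both placements of the
    pass-all rule and report which rule decided a constructed telnet packet."""
    telnet = {"proto": "tcp", "src": "10.0.0.9", "dst": "192.0.2.1", "dport": 23}
    outcome = {}
    for pass_all_number in (1, 65000):
        rules = add_later_rule(open_ruleset(pass_all_number))
        outcome[pass_all_number] = evaluate(rules, telnet)
    return outcome


if __name__ == "__main__":
    for number, (action, decided_by) in compare_placements().items():
        print(f"pass-all at {number:>5}: telnet packet -> {action} (rule {decided_by})")
```

With the pass-all rule at 1 the deny at 100 is never reached and the packet passes; with it at 65000 the deny at 100 decides first. That is the "stays open" property Andreas describes, and also the reason a rule 1 pass-all makes any later tightening silently ineffective until someone remembers to delete rule 1.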
