On Tue, 25 Jan 2000, the Webslave wrote:

> > Okay, so I finally decided to take the plunge and check out ipfilter. ipf
> > seemed to load my ruleset with no problems, but ipfstat dies with:
> > 
> > ioctl(SIOCGETFS): Invalid argument
> 
> And what would that ruleset be?
> 

# Default to deny
block in log on tun0 from any to any

# Block unroutables
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
 
# Allow us to initiate any outgoing connections
pass out quick on tun0 proto tcp/udp from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Allow incoming trojans
pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
pass in quick on tun0 proto udp from any to any port = 31337 keep state

# Allow loopback
pass out quick on lo0
pass in  quick on lo0

Note that I haven't been able to test this ruleset for legitimacy yet
because I can't interface with ipfstat :-)

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson


