Bill Eldridge wrote:
> 
> >From the man page:
> 
>          These  rules regulate the acceptance of incoming IP
>               local  network  interfaces  are checked against the
>               input firewall rules.  The first rule that  matches
>               with a packet determines the policy to use and will
>               also cause the rule's packet and byte counters being
>               adapted.   When  no  matching  rule  is  found, the
>               default policy for the input firewall is used.
> 
> If you deny everything first, then any packet will match
> that denial, and be rejected.  (which is the same way
> Ciscos do it).  Unless I'm horribly confused.

That is correct, but the first line is

    ipfwadm -F -p deny

which is the default policy. If you look at your quote, you see that the default
policy is examined last.

-Joe

> --
> Bill Eldridge
> Radio Free Asia
> [EMAIL PROTECTED]
> 
> -----Original Message-----
> From: Joachim Feise <[EMAIL PROTECTED]>
> To: Bill Eldridge <[EMAIL PROTECTED]>
> Cc: Steve Helder <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
> <[EMAIL PROTECTED]>
> Date: Thursday, June 11, 1998 4:54 PM
> Subject: Re: [masq] [masq] IP - masquerade setup problems
> 
> >Bill Eldridge wrote:
> >
> >>   Order matters, so if you deny everything first, then the rules never
> >>   meet the allow clauses later.  As my first guess.
> >
> >That is not quite right, actually, it is wrong.
> >For security reasons, you always should deny everything first, and
> >subsequently allow things like forwarding.
> >Did you enable forwarding in the proc fs? Try adding this line to your rc
> >script:
> >echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> >Oh, and please don't send HTML-formatted messages. ASCII is preferred (I
> >hope I didn't copy the tags over when I copied the text).
> >
> >-Joe
> >
> >>  Bill Eldridge
> >>  Radio Free Asia
> >>  [EMAIL PROTECTED]
> >>
> >>        -----Original Message-----
> >>        From: Steve Helder <[EMAIL PROTECTED]>
> >>        To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> >>        Date: Thursday, June 11, 1998 2:36 PM
> >>        Subject: [masq] IP - masquerade setup problems
> >>
> >>        I am attempting to use IP-Masquerading on a newly installed
> >>        Redhat 5.1 Linux box.  I am connected to my ISP using PPP and
> >>        can ping the nameservers from Linux.  I have followed the
> >>        instructions in the Linux IP Masquerade mini HOWTO by Ambrose Au
> >>        for setting up my Windows 95 machine.  After I set it up I can
> >>        ping the ethernet card on the Linux box which is 10.0.100.5 but
> >>        can't get any further. (pinging the nameservers)  I have setup the
> >>        ipfwadm  -F -p deny and
> >>        ipfwadm  -F -a m S 10.0.100.0/24 -D 0.0.0.0/0
> >>        on the Linux box.  I am assuming I am close but missing
> >>        something.  Any assistance would be appreciated.
> >>
> >>        Steve Helder
> >
> >
> >--
> >Joachim Feise                  Microsoft Certified Solution Developer
> >mailto:[EMAIL PROTECTED]                 http://www.ics.uci.edu/~jfeise/
> >mailto:[EMAIL PROTECTED]                       mailto:[EMAIL PROTECTED]
> >---------------------------------------------------------------------
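As an added illustration of the point argued in this thread (example code written for this page, not code from the thread or from ipfwadm itself): a small Python model of an ipfwadm-style forwarding chain, where appended rules are checked in order, the first match decides, and the `-p deny` default policy is consulted only when no rule matched. It parses the `-a <policy> -S <src> -D <dst>` argument form used in the thread; the host and nameserver addresses in the demo are constructed.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
POLICIES = {"a": "accept", "accept": "accept", "d": "deny", "deny": "deny",
            "r": "reject", "reject": "reject",
            "m": "masquerade", "masquerade": "masquerade"}


def parse_rule(args):
    """Parse the tail of 'ipfwadm -F -a <policy> [-S net] [-D net]'."""
    toks = args.split()
    policy = POLICIES[toks[0]]
    src = ip_network(toks[toks.index("-S") + 1]) if "-S" in toks else ANY
    dst = ip_network(toks[toks.index("-D") + 1]) if "-D" in toks else ANY
    return policy, src, dst


class ForwardChain:
    """Model of the forwarding chain: an ordered rule list plus a default."""

    def __init__(self, default_policy="deny"):   # models 'ipfwadm -F -p deny'
        self.default = POLICIES[default_policy]
        self.rules = []

    def append(self, args):                       # models 'ipfwadm -F -a ...'
        self.rules.append(parse_rule(args))
        return self

    def decide(self, src_ip, dst_ip):
        """First matching rule wins; the default policy is used only when
        nothing matched, so '-p deny' does not shadow rules added later."""
        s, d = ip_address(src_ip), ip_address(dst_ip)
        for policy, src_net, dst_net in self.rules:
            if s in src_net and d in dst_net:
                return policy
        return self.default


def thread_setup():
    """The two steps from the thread: default deny, then masquerade the LAN."""
    return ForwardChain("deny").append("m -S 10.0.100.0/24 -D 0.0.0.0/0")


def deny_rule_first():
    """The misreading: a deny *rule* appended before the masquerade rule
    really does match every packet first and shadows it."""
    return (ForwardChain("deny").append("d -S 0.0.0.0/0 -D 0.0.0.0/0")
                                .append("m -S 10.0.100.0/24 -D 0.0.0.0/0"))


if __name__ == "__main__":
    # Constructed addresses: a LAN host and a nameserver in 192.0.2.0/24.
    print(thread_setup().decide("10.0.100.10", "192.0.2.53"))     # masquerade
    print(thread_setup().decide("172.16.0.1", "192.0.2.53"))      # deny (default)
    print(deny_rule_first().decide("10.0.100.10", "192.0.2.53"))  # deny (rule 1)
```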