On Wed, Dec 2, 2009 at 12:42 AM, Rod Whitworth <glis...@witworx.com> wrote:
> I saw your email saying you had fixed your problem BUT that last line
> above negates both of your icmp rules. A 'block in' statement would
> normally be the first filter rule and then only explicit allowed
> traffic gets in and you could take out the "quick"s.

Yes, I thought so but it works? I do have another problem though. I am also using rtadvd and cannot at the moment ping6 out whereas ping6 from the outside to a host on rtadvd works... Here are the modified rules, if anyone can shed light on that:

set skip on lo
#block all in
block in
#nat&ftp
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
#nat
nat on $ext_if from !($ext_if) -> ($ext_if:0)
#ftp
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
pass out
#quick on sis0
pass quick on $int_if no state
#antispoof
antispoof quick for { lo $int_if }
#ipv6 pings
pass in quick proto icmp6
pass out quick proto icmp6

Cheers;
Steph
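
The rule-order point discussed in this thread, as an added example that is not part of the original messages: a small Python model of pf filter evaluation, where the last matching rule decides and `quick` stops evaluation at the first match. The `Rule` class, `evaluate` function and the three rule sets are constructed for illustration; the model matches only on direction and protocol and ignores state, NAT, anchors and interfaces.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    proto: Optional[str] = None      # e.g. "icmp6", or None for any
    quick: bool = False

    def matches(self, direction: str, proto: str) -> bool:
        return (self.direction in (None, direction)
                and self.proto in (None, proto))

def evaluate(rules, direction: str, proto: str) -> str:
    """pf verdict: last matching rule wins, `quick` ends evaluation.
    If nothing matches, pf's implicit default is to pass."""
    verdict = "pass"
    for rule in rules:
        if rule.matches(direction, proto):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

# Constructed rule sets (hypothetical, not the poster's full pf.conf).
# 1) Non-quick icmp6 passes followed by a trailing "block in".
TRAILING_BLOCK = [
    Rule("pass", "in", "icmp6"),
    Rule("pass", "out", "icmp6"),
    Rule("block", "in"),
]
# 2) "block in" first, explicit passes after it, no quick needed.
BLOCK_FIRST = [
    Rule("block", "in"),
    Rule("pass", "out"),
    Rule("pass", "in", "icmp6"),
]
# 3) Same order as (1), but the passes are quick, so the later block is never reached.
QUICK_PASSES = [
    Rule("pass", "in", "icmp6", quick=True),
    Rule("pass", "out", "icmp6", quick=True),
    Rule("block", "in"),
]

if __name__ == "__main__":
    sets = {"trailing block": TRAILING_BLOCK, "block first": BLOCK_FIRST,
            "quick passes": QUICK_PASSES}
    for name, rules in sets.items():
        for d, p in (("in", "icmp6"), ("out", "icmp6"), ("in", "tcp")):
            print(f"{name:15} {d:3} {p:5} -> {evaluate(rules, d, p)}")
```

In the model, a `quick` pass survives a later block, while the block-first ordering gives the same inbound result without `quick`.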