Please paste the output of ipfstat -i -h, ipnat -l and the contents of your ipfrules file and ipnatrules file.
Just an FYI, ipnat happens before ipf, so your rules need to be written post nat.

--- irado furioso com tudo <[EMAIL PROTECTED]> wrote:
> Bruno Fernandes wrote:
>
> >>note: even changing rules a lot, I am unable to do this. Then I just
> >>tried to 'block everything for that machine':
> >>
> >>:=== begin
> >>block in quick from any to 192.168.1.89
> >>block out quick from any to 192.168.1.89
> >>block in quick from 192.168.1.89 to any
> >>:===
> >>
> >>but nmap (from dmz) still shows open ports 22 and 53 on this machine.
> >>How to effectively BLOCK every packet from dmz to internal lan?? :o(
> >
> > You have run nmap from the DMZ?
>
> yes, I did.
>
> --
> regards,
> Irado Furioso com Tudo
> Linux (SuSE) User 179402
> torture is always an instrument of the state, of parents,
> of teachers.. someone always imagines they have power above the rest.
> Long live anarchy!!!
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
