On Sun, 2 Jan 2005 22:57:05 -0800 (PST), faisal gillani
<[EMAIL PROTECTED]> wrote:
> i want to test ipfilter , for that i want to allow
> everything first , then later on make deny rules as
> suited to my requirment,
> in other words i dont want to disturb service offered
> by my freebsd server,
>
> wat is the command for that ?
Welll, from a security perspective this is the wrong way - you should
deny everything by default, and only pass that which you need. Doing
it the way you describe is significantly less likely to be effective -
like having a stuffed toy for a guard dog.
However, if you RTFM you'll easily find the default. From memory it
is to pass, so unless the final rule for any group is a block (or you
change the default for either IP Filter or that group) then you should
pass everything.
Just don't be surprised when your firewall turns out to provide little
protection.
--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
