Re: IPFILTER Rules

2004-06-02 Thread horio shoichi
On Wed, 02 Jun 2004 22:54:22 + Randy Babb <[EMAIL PROTECTED]> wrote: > On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote: > > The delay seems suspiciously like a DNS timeout. Since you haven't > > mentioned any rules to explicitly allow DNS traffic below, I assume > > you > > don't have any

Re: IPFILTER Rules

2004-06-02 Thread Randy Babb
On Wed, 2004-06-02 at 20:39, Giorgos Keramidas wrote: > The delay seems suspiciously like a DNS timeout. Since you haven't > mentioned any rules to explicitly allow DNS traffic below, I assume > you > don't have any. Just add the following rules before your groups: > > pass out quick proto u

Re: IPFILTER Rules

2004-06-02 Thread Giorgos Keramidas
On 2004-06-02 15:12, Randy Babb <[EMAIL PROTECTED]> wrote: > Hi, > I'm just learning how to use IPFilter and I'm having some trouble. I > hope someone can help me. I have a server running on my LAN I'm trying > to set up some rules on, they are basically the same as the ones in > Absolute BSD by Mi

Re: IPFILTER rules with shell symbloic substitution

2003-11-27 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2003-11-26 12:13:53 -0600: > In the last episode (Nov 26), fbsd_user said: > > Looking for way to code IPFILTER rules with shell symbolic > > substitution. I know how to do it in the rules, but how to get ipf > > pgm to exec in shell? Any body have example of how to setup this

Re: IPFILTER rules with shell symbloic substitution

2003-11-26 Thread Jez Hancock
On Wed, Nov 26, 2003 at 02:59:00PM -0500, fbsd_user wrote: > Ipf.test rules file > #!/bin/sh > nic="l0" > /sbin/ipf -Fa -f - < pass in on $nic all > pass out on $nic all > pass in all > pass out all > EOF > > Any ideas about what is wrong with my ipfilter_rules="/etc/ipf.test" > statement. The i

RE: IPFILTER rules with shell symbloic substitution

2003-11-26 Thread fbsd_user
Ipf.test rules file #!/bin/sh nic="l0" /sbin/ipf -Fa -f - <mailto:[EMAIL PROTECTED] Behalf Of Mike Maltese Sent: Wednesday, November 26, 2003 1:41 PM To: [EMAIL PROTECTED] ORG Cc: Dan Nelson Subject: Re: IPFILTER rules with shell symbloic substitution > /etc/rc.firewall has

Re: IPFILTER rules with shell symbloic substitution

2003-11-26 Thread Mike Maltese
> /etc/rc.firewall has lots of examples using ipfw; the concepts should > work just as well with ipf. I'm not sure that's true. /etc/rc.firewall is a shell script, an IP Filter ruleset isn't. From the documentation and my own use of it, IP Filter doesn't support variable substitution. If you're ru

Re: IPFILTER rules with shell symbloic substitution

2003-11-26 Thread Dan Nelson
In the last episode (Nov 26), fbsd_user said: > Looking for way to code IPFILTER rules with shell symbolic > substitution. I know how to do it in the rules, but how to get ipf > pgm to exec in shell? Any body have example of how to setup this? /etc/rc.firewall has lots of examples using ipfw; the