Error in IPFilter rules, DNS resolving does not work

Ivan Dolnák ivan.dolnak at gmail.com
Sat Jan 5 00:21:26 CET 2008


Hi,

I tried experimenting with IPFilter rules and created the ipf.conf
at the end of this mail. Everything works more or less as I imagined,
except that after applying the rules, translation of IP addresses to
hostnames and back does not work on the server.

Could you nudge me toward where my mistake is? I went through the
documentation but found nothing. Thanks.



block in log quick all with ipopts
block in log quick proto tcp all with short
#
pass in quick on lo0 all
pass out quick on lo0 all
#
block in on rl0 all head 100
#
block in log quick from 224.0.0.0/3 to any group 100
#
block in log quick from 127.0.0.0/8 to any group 100
block in log quick from any to 127.0.0.0/8 group 100
#
block in log quick from 10.0.0.0/8 to any group 100
block in log quick from 172.16.0.0/12 to any group 100
block in log quick from 192.168.0.0/16 to any group 100
#
block in log quick from 158.193.60.109/32 to any group 100
#
pass in quick proto tcp from any to any port = http keep state group 100
pass in quick proto tcp from any to any port = smtp keep state group 100
pass in quick proto tcp from any to any port = ssh keep state group 100
#
#block return-rst in log proto tcp from any to any flags S/SA group 100
#block return-icmp(net-unr) in proto udp all group 100
#
pass out on rl0 all head 200
block out log quick from 127.0.0.0/8 to any group 200
block out log quick from any to 127.0.0.0/8 group 200
#
block out log quick from any to 158.193.60.109/32 group 200
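
An added example, not part of the original post and not IPFilter code: a simplified Python model of ipf rule evaluation (last match wins, `quick`, `head`/`group`, `keep state`) run over an abridged copy of the posted rules, tracing one outbound DNS query and its reply. The addresses, source port 40000, function names and the default-pass fallback are assumptions.

```python
import ipaddress
PORTS = {"http": 80, "smtp": 25, "ssh": 22}
# Abridged from the posted ipf.conf: the two head rules plus one rule of each kind.
POSTED = """
block in on rl0 all head 100
block in log quick from 10.0.0.0/8 to any group 100
pass in quick proto tcp from any to any port = ssh keep state group 100
pass out on rl0 all head 200
block out log quick from any to 127.0.0.0/8 group 200
"""

def parse(conf):  # subset of ipf.conf syntax used in the post; 'with' rules are skipped
    rules = []
    for t in (l.split() for l in conf.splitlines() if l.strip() and l[0] != "#" and " with " not in l):
        arg = lambda kw, d=None: t[t.index(kw) + 1] if kw in t else d
        net = lambda kw: ipaddress.ip_network(arg(kw, "any").replace("any", "0.0.0.0/0"))
        port = arg("=")
        rules.append(dict(act=t[0], dir=t[1], quick="quick" in t, on=arg("on"), proto=arg("proto"),
                          src=net("from"), dst=net("to"), keep="keep" in t, head=arg("head"),
                          group=arg("group", "0"), dport=int(PORTS.get(port, port)) if port else None))
    return rules

def matches(r, p):
    return (r["dir"] == p["dir"] and r["on"] in (None, p["on"])
            and r["proto"] in (None, p["proto"]) and r["dport"] in (None, p["dport"])
            and ipaddress.ip_address(p["src"]) in r["src"]
            and ipaddress.ip_address(p["dst"]) in r["dst"])

def walk(rules, p, group="0", hit=None):
    """Last matching rule wins, 'quick' stops, a matching 'head' descends into its group."""
    for r in (r for r in rules if r["group"] == group and matches(r, p)):
        hit, stop = walk(rules, p, r["head"], r) if r["head"] else (r, False)
        if stop or r["quick"]:
            return hit, True
    return hit, False

def verdict(rules, state, p):
    if (p["proto"], p["dst"], p["dport"], p["src"], p["sport"]) in state:
        return "pass"  # reply to a flow that a 'keep state' rule recorded
    hit, _ = walk(rules, p)
    if hit and hit["act"] == "pass" and hit["keep"]:
        state.add((p["proto"], p["src"], p["sport"], p["dst"], p["dport"]))
    return hit["act"] if hit else "pass"  # assumption: ipf built with default pass

def dns_roundtrip(conf, me="192.0.2.10", ns="198.51.100.53"):  # constructed addresses
    rules, state = parse(conf), set()
    q = dict(dir="out", on="rl0", proto="udp", src=me, sport=40000, dst=ns, dport=53)
    a = dict(dir="in", on="rl0", proto="udp", src=ns, sport=53, dst=me, dport=40000)
    return verdict(rules, state, q), verdict(rules, state, a)
```

`dns_roundtrip(POSTED)` returns `('pass', 'block')`: the query leaves through the stateless `pass out` rule, so no state entry exists and the reply falls to `block in on rl0 all`. With `keep state` added to that outbound rule (`pass out on rl0 all keep state head 200`) the model returns `('pass', 'pass')`.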


