 From:  Ian Cartwright <ian351c at cox dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rule Direction for ipf
 Date:  Tue, 30 Dec 2003 23:20:12 -0700

Hello everyone,

I am currently evaluating m0n0wall as a possible replacement for my
current firewall, and I have a question regarding the ipf rules
generated by the GUI for m0n0wall. My current testing involves two
m0n0wall boxes running on VMware. For one of the m0n0wall boxes, the DNS
and NTP services are on the "LAN interface" network. While DNS queries
seem OK, all NTP queries are being blocked by ipf even though the source
and destination IP addresses are the same.

It's been about three years since I last used ipf (I switched to ipfw,
then to pf on FreeBSD when I gave up on trying to get ipfilter and KAME
to play nice together on my FreeBSD firewall), but I recall that all the
rules in an ipf rule set are directional (i.e. rules can be INBOUND or
OUTBOUND on an interface). It would seem that there is a hidden rule
that allows outbound DNS queries on the LAN interface but not NTP.

First: is my theory of "hidden rules" correct?
Second: if so, is there some way to view or edit these rules in the GUI
(if not, a "view hidden rules" check box, a la Checkpoint, would be
really neat)?
Third: is there a way to "manually" edit any default/hidden rules? They
do not appear in the config.xml file.