Re: [44net] UCSD ipip gateway firewall updated

No protocols are blocked. A few ports are. What the firewall does is restrict gatewaying to AMPR hosts that are registered as A records in the AMPR.ORG DNS, and from gateways that are registered in the encap file. The current rules relevant to the gateway are (BSD ipfw syntax): 03000 allow ipencap from me to any 03100 allow ipencap from table(2) to me 03200 divert 4444 ip from any to table(1) in not dst-port 111,135-139,445,1025-1028,1900,2323,5353,7547 03300 allow ip from table(1) to any What this means is 3000: allow all packets encapsulated by the gateway out to anywhere 3100: allow inbound encap'd packets from registered gateways 3200: send incoming packets destined for registered hosts to the encapsulator except destination ports 111,135-139,445,1025-1028,1900,2323,5353,7547 3300: allow outgoing decapsulated packets from registered hosts out - Brian