On Sat, Dec 21, 2002 at 08:33:24PM +0100, Xavier HUMBERT wrote:
> > options   INSECURE    # disable kernel security levels
> Not really wise for a firewall..

The box is not a firewall, it's a generic development system I use to
program my C projects and to test configurations before applying them on
production environments. It's basically the same setup I had with 1.5.3,
just that I wanted to add ALTQ in... and IPF didn't work anymore

> > #options  COMPAT_15   # NetBSD 1.5,
> I was told this one has to be kept ?

I wasn't sure about this.. well everything I have seems to still work,
but IPF

> > #options  GATEWAY     # packet forwarding
> Tou need to enable this on a firewall
> 
> > #options  PFIL_HOOKS  # pfil(9) packet filter hooks
> This one too ?

This wasn't enabled on my 1.5.3 system and IPF used to work..

> 
> > #options  IPFILTER_DEFAULT_BLOCK  # block all packets by default
> Not mandatory, but good practice

Yes my first ipf rules do this

Thanks,
Matt