Speaking of rc.firewall ..
Ian Smith
smithi at nimnet.asn.au
Thu Oct 16 10:33:19 UTC 2008
I see that both HEAD and RELENG_7 rc.firewall have been updated for
in-kernel NAT functionality, but only for the 'open' and 'client' rulesets.

Is there any (functional) reason that the ${firewall_nat_enable} case is
not also included in the 'simple' rules, where its different placement
is determined by being preceded and anteceded by anti-spoofing rules?

I'm also slightly bemused by the lack (still) of any rules to allow any
ICMP (especially necessary icmptypes for MTU discovery) in 'simple'?

cheers, Ian