Too many dynamic rules, sorry
Rob
spamrefuse at yahoo.com
Fri Sep 17 07:53:51 PDT 2004
Norm Vilmer wrote:
> Here are the rules that I have that keep-state on the outside interface:
>
> # For DNS
> add 01300 pass udp from ${oip} to any 53 keep-state
> # For NTP
> add 01400 pass udp from ${oip} to any 123 keep-state
> # For VPN
> add 01500 pass gre from any to any keep-state
> # For ICMP
> add 01600 pass icmp from any to any via ${oip} keep-state
>
> Do you think these are causing the problem?
Aren't udp and icmp state-less protocols?
In that case, keep-state would not make much sense.
I use 'keep-state' only for tcp rules.
I may be wrong; moreover, I haven't followed the full thread :).
Rob.
More information about the freebsd-questions mailing list