no access to web server behind ipfw
Christer Hermansson
mail at chdevelopment.se
Fri Oct 17 11:54:13 PDT 2008
Chen Xu wrote:
> $cmd 100 divert natd ip from any to any in via $pif
> $cmd 101 check-state
>
>
>
You use "in via $pif", I'm not 100% sure but I think you should only use
"via $pif".
> # Authorized inbound packets
> $cmd 421 allow tcp from any to 192.168.1.10 80 in via $pif setup limit
> src-addr 5
>
>
>
I think it's bad to use statefull rules for inbound connections.
--
Christer Hermansson
http://www.chdevelopment.se
More information about the freebsd-questions
mailing list