ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly?
Lev Serebryakov
lev at FreeBSD.org
Fri Jan 30 15:39:23 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 30.01.2015 12:22, wishmaster wrote:
> At first, i think you should move keep-state from skipto to
> explicit allow rule.
Yep! I like it TOO!
> For my case with 4 ISP link I use something like this example, but
> more complex, though.
Could you please show variant for 4 ISP links? :)
- --
// Lev Serebryakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQJ8BAEBCgBmBQJUy6WZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePXUEQAKF33zboObfY2QwHXkMniPP6
tDIRTH5uDYvj84L/90MhdA0eEZXLuoPUW34p57ipmSSiH0uBYvtvdQAR0WLe+0+Q
XvmajOt5Gve6ANlgxr4PS//nOXte9dWp4ZtdvR44/BAZPM+jSeKVkWRsz/YLTS6x
FrSGYAMgQYXTBSR/RpBz/dseqwTrY0Qcv9WJpU+oigHKpReZkVJ7tJmDgCAO8+rE
X7YTyLwVPYXBw4Y77yZVox/P2oBEdMQ1Z6Eb/qvQXCNkszS4QmbMXj81Uu0x3Zdt
BzvJoucnNSUeQivYDbZGY+521RBXtyLXfaWGyRHLFmFiNFz6iT+TdF/S93PBdhY6
1rPx9PIkdystxin44n87HBzYOn3XxiH+O4DcQjkwKfA/+3xGCQDY4FY9GdV+mlBQ
nhxrmrmauhSAOUz3BoRDk1k/gcke3Kgcn06dBqNW/bShoJ7fjceK87jUK4OPYm5G
JG6z1tVVRPBYmA2WFwGfmx6e60Qfq0dM8DVeffpf22UowNxx+t+JqpnRLFDyS7M+
iUuEnPWQL74/9WRmYREC1CBZWPAHiBm7HlhUz01lVu5uwH1PjdZzG+Z2n3VyWjas
t3E/W4/+7ZKgCFS2jwBjiXoa16LunwdJUxH3feFYkLFrYgVoc4edHtsafUKyGsy+
ZrkOl05x9PavJtCTMr7W
=3dsG
-----END PGP SIGNATURE-----
More information about the freebsd-net
mailing list