Too many dynamic rules, sorry
Norm Vilmer
norm at etherealconsulting.com
Fri Sep 17 09:47:15 PDT 2004
Micheal Patterson wrote:
>
> ----- Original Message -----
> From: "Norm Vilmer" <norm at etherealconsulting.com>
> To: "Micheal Patterson" <micheal at tsgincorporated.com>
> Cc: <freebsd-questions at freebsd.org>
> Sent: Friday, September 17, 2004 10:30 AM
> Subject: Re: Too many dynamic rules, sorry
>
>
> <snip>
>
>>I do have a check-state rule
>>
>>add 00200 check-state
>>
>>Norm Vilmer
>
>
> Ok. Then right above the check-state entry, place an
>
> allow ip from 123.123.123/24 to 123.123.123./24
>
> Replace the ip's with the appropriate network/metric for your lan and that
> will allow lan traffic to go to itself unhindered by any stateful checks.
>
> --
>
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.
>
>
>
>
would this be the same?
add 00200 allow all from any to any via ${iif} keep-state
add 00210 check-state
More information about the freebsd-questions
mailing list