Patrick Lamaiziere wrote:
>
> > I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> > interface. The traffic should be able to flow
> >
> > 1) from inside1 to any (and back)
> > 2) from inside2 to any (and back)
> > 3) from dmz to outside only (and back).
> >
> > I need no details, just a general hint how to set up such security
> > levels, preferably independent of actual IP addresses behind the
> > interfaces (a :network macro is not always sufficient).
>
> You may use urpf-failed instead of :network
> urpf-failed: Any source address that fails a unicast reverse path
> forwarding (URPF) check, i.e. packets coming in on an interface other
> than that which holds the route back to the packet's source address.

Excuse me, I do not see how this is relevant to my question (allowing
traffic to be initiated from a more secure interface to a less secure
interface and not vice versa).

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru