Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass icmp from any to any via ${oip} keep-state
Do you think these are causing the problem?
Aren't udp and icmp state-less protocols?
In that case, keep-state would not make much sense.
I use 'keep-state' only for tcp rules.
I may be wrong, moreover, I haven't followed the full thread :).
Rob.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
