On Sat, Jun 11, 2005 at 03:31:46PM +0200, Tobias Fendin wrote: > I don't have this line: > pass in on $ext_if inet proto tcp from any port 20 to ($ext_if) user > proxy flags S/SA keep state > And it works anyway.
probably because you use passive mode on your FTP clients. that rule is needed for active mode FTP clients behind the firewall. -j -- "William Shatner: Now men, we are about to go on a very dangerous mission. It is highly likely that one of you will die. The crew that will go with me are Spock, McCoy and Ensign Ricky. Ensign Ricky: Aw crap." --Family Guy