On Sat, Jun 11, 2005 at 03:31:46PM +0200, Tobias Fendin wrote:
> I don't have this line:
> pass in on $ext_if inet proto tcp from any port 20 to ($ext_if) user
> proxy flags S/SA keep state
> And it works anyway.
probably because you use passive mode on your FTP clients. that rule is
needed for active mode FTP clients behind the firewall.
-j
--
"William Shatner: Now men, we are about to go on a very dangerous
mission. It is highly likely that one of you will die. The crew that
will go with me are Spock, McCoy and Ensign Ricky.
Ensign Ricky: Aw crap."
--Family Guy
