On 1/5/2011 at 2:56 PM Axton wrote:

|On Wed, Jan 5, 2011 at 10:14 AM, Mike. <the.li...@mgm51.com> wrote:
|
|> On 1/4/2011 at 10:57 PM Josh Smith wrote:
|>
|> |
|> |pass in on $int_if0 # pass all incoming traffic on our internal interface
|> |pass in on $int_if1 # pass all incoming traffic on our internal interface from the test network
|> =============
|>
|> I have two internal subnetworks, one for standard frames and one for
|> jumbo frames.
|>
|> Instead of the two rules you cite, I use the following:
|>
|> # macros
|> std_if = "em1"
|> jum_if = "em0"
|> loc_if = "lo0"
|>
|> # let internal traffic flow unimpeded
|> pass quick on $loc_if
|> pass quick on $std_if
|> pass quick on $jum_if
|>
|
|"set skip" is probably more efficient.
=============

It's a very light-duty firewall, but I'll read up on your suggestion anyway. Thanks.