dp from $business_net to
> ! keep state
You could reduce this to two rules, as well.
pass in log quick on $int_if inet proto { tcp udp } from $int_if:network \
to ! flags S/SA modulate state
pass in log quick on $bus_if inet proto { tcp udp } from $bus_if:network \
to ! flags S/SA modulate state
I'm sure that if I'm off the mark, someone more knowledgeable will put
me right.
Cheers,
Dan
--
Daniel Bye
PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A
, so take that
into account if you write dedicated rules.
As for your ssh problem - this may be related to a DNS timeout.
Try disabling DNS in ssh (by default, it will try to look up the name
of a remote host from its IP and check that it resolves back to the same
address). Alternatively, you can edit your /etc/hosts, or start running
a local name server.
Anyway, like I said - IANAE!
Dan
--
Daniel Bye
PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc
PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A