Greg Hennessy wrote:
I did mention it a few times but I suppose I wasn't clear
about it, but I really do want to use "single line firewall
rules", and the only way to do this is to keep state, if
there are other ways/rules to have really flexible firewall
but still with stateful inspecti
Greg Hennessy wrote:
So ultimately what your saying is PF is too clever now and
can never be simplified like UDP state modes for single line
The notion of UDP keeping state is overstated.
Basic layer 3 'keep state' for UDP is nothing more than a watchdog timer
tracking how long i
Daniel Hartmeier wrote:
On Tue, Jul 11, 2006 at 03:40:38PM +1000, Michael Vince wrote:
That still doesn't really answer my question and I also am looking for a
flags example of what would guarantee to provide the desired behavior.
If you don't specify a 'flags' o
Dmitry Andrianov wrote:
Hello.
I might remove these in the future but just want to at least
do some testing on a firewall setup for many reasons such as
it has 2 separate links and want to try changing between the
links/routes without affecting state.
I'm not sure how this should w
Hi all,
I have some questions about pf rules, and just want to get some things
clear in my mind about how PF works, no doubt some of the answers will
be obvious to some.
I wanted to create some pf rules for TCP that can withstand loosing
state but still utilizing the advantage of single line f
Roman Gorohov. wrote:
Hello list.
I'm planning to configure pf in bridged environment(using if_bridge on 6.1),
so I have question if transparent proxy will work?
Is the any working config, or some known issues?
TIA, Roman Gorohov.
___
What kind o
I was having trouble implementing the ftp-proxy daemon as well
I got it working after doing a few things,
I upgraded to 6.0 (its a old U1 Sparc64 Sun netra)
I discovered from the pf.conf man that it says "the use of the group and
user filter parameter in conjunction with a Giant-free netstack can
