Hi,
I recently discovered a strange behavior on my border router.
In the following ruleset:
block log all
block in log quick from urpf-failed to any
pass quick on $int_if inet6 proto udp from any to any port ripng
block drop on !$int_if inet6 proto udp from any to any port ripng
all occurrences
Hi,
I suspect pf is caching invalid outdated dynamic addresses. After this happens,
all requests sent from internal hosts are sent with the previous dynamic address
as source address and are ignored by our provider. Requests sent directly from
our pf-box use the new dynamic address as expecte
Hi,
the anchor rule in the following ruleset doesn't work.
table const { 192.168.0.25, \
192.168.1.0/24, \
192.168.125.0/24 }
anchor mailIn proto tcp to $mail_addr { \
#exim
pass quick proto tcp from to any port smtp \
}
pass quick proto tcp
Hi David,
David DeSimone wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reinhard Haller <[EMAIL PROTECTED]> wrote:
Based on the last rule there is no way to distinguish forwarded from
local outgoing traffic.
Any suggestions?
Change this rule like so:
nat on $
Hi Gilberto,
Gilberto Villani Brito wrote:
On 24/09/2007, Reinhard Haller <[EMAIL PROTECTED]> wrote:
Hi,
I want to restrict the locally generated outgoing traffic from the nat
gateway (cvsup, ddclient i.e. http + https, portupgrade i.e. ftp + http)
to the internet.
How to disti
Hi,
I want to restrict the locally generated outgoing traffic from the nat
gateway (cvsup, ddclient i.e. http + https, portupgrade i.e. ftp + http)
to the internet.
How to distinguish forwarded traffic on tun0 from the local traffic
after natting?
Thanks
Reinhard