Re: ipfw fwd and ipfw allow

2010-09-12 Thread Victor Sudakov
per...@pluto.rain.com wrote: > > > ... the 'fwd ... keep-state' statement does create a useful > > dynamic rule. It contradicts the ipfw(8) man page but works ... > > Hopefully someone who understands all this will submit a patch > for the man page :) The man page says that the "Dynamic rules wi

Re: ipfw fwd and ipfw allow

2010-09-11 Thread perryh
Victor Sudakov wrote: > ... the 'fwd ... keep-state' statement does create a useful > dynamic rule. It contradicts the ipfw(8) man page but works ... Hopefully someone who understands all this will submit a patch for the man page :)

Re: ipfw fwd and ipfw allow

2010-09-10 Thread Victor Sudakov
Nikos Vassiliadis wrote: > >A packet generated locally 1) should be forwarded by a 'fwd' > >rule and 2) should create a dynamic 'allow' rule for returning > >traffic. Could you please suggest a ruleset for this. > > The fw has the 10.0.0.1 IP address. > The 10.0.0.100 IP address belongs to anothe

Re: ipfw fwd and ipfw allow

2010-09-08 Thread Nikos Vassiliadis
On 9/7/2010 5:52 PM, Victor Sudakov wrote: A packet generated locally 1) should be forwarded by a 'fwd' rule and 2) should create a dynamic 'allow' rule for returning traffic. Could you please suggest a ruleset for this. The fw has the 10.0.0.1 IP address. The 10.0.0.100 IP address belongs to

Re: ipfw fwd and ipfw allow

2010-09-07 Thread Victor Sudakov
Nikos Vassiliadis wrote: > >>>Am I asking something unreasonable? > >> > >>Not really, but if you ask, one could say that IPFW is a "first > >>match wins" firewall, so a fwd or an allow action would be the > >>terminal one. You must design your rules accordingly. > >> > >>There is also the skipto a

Re: ipfw fwd and ipfw allow

2010-09-07 Thread Nikos Vassiliadis
On 9/7/2010 2:00 PM, Victor Sudakov wrote: Nikos Vassiliadis wrote: Am I asking something unreasonable? Not really, but if you ask, one could say that IPFW is a "first match wins" firewall, so a fwd or an allow action would be the terminal one. You must design your rules accordingly. There is

Re: ipfw fwd and ipfw allow

2010-09-07 Thread Victor Sudakov
Nikos Vassiliadis wrote: > >Am I asking something unreasonable? > > Not really, but if you ask, one could say that IPFW is a "first > match wins" firewall, so a fwd or an allow action would be the > terminal one. You must design your rules accordingly. > > There is also the skipto action which ca

Re: ipfw fwd and ipfw allow

2010-09-07 Thread Nikos Vassiliadis
On 9/7/2010 12:00 PM, Victor Sudakov wrote: Am I asking something unreasonable? Not really, but if you ask, one could say that IPFW is a "first match wins" firewall, so a fwd or an allow action would be the terminal one. You must design your rules accordingly. There is also the skipto action w

Re: ipfw fwd and ipfw allow

2010-09-07 Thread Victor Sudakov
Am I asking something unreasonable? Victor Sudakov wrote: > > What tricks do you use if you need to allow a packet and then fwd > it (or vice versa)? The search terminates and the packet quits ipfw on > "fwd" as well as on "allow". > > How do I allow a packet and then policy route it? An example

ipfw fwd and ipfw allow

2010-08-21 Thread Victor Sudakov
Colleagues, What tricks do you use if you need to allow a packet and then fwd it (or vice versa)? The search terminates and the packet quits ipfw on "fwd" as well as on "allow". How do I allow a packet and then policy route it? An example ruleset will be appreciated. -- Victor Sudakov, VAS4-