Date: Fri, 17 Sep 2004 11:47:08 -0500 From: Norm Vilmer <norm@etherealconsulting.com> To: Micheal Patterson <micheal@tsgincorporated.com> Cc: freebsd-questions@freebsd.org Subject: Re: Too many dynamic rules, sorry Message-ID: <414B150C.6090608@etherealconsulting.com> In-Reply-To: <06fd01c49ccd$36e91450$4df24243@tsgincorporated.com> References: <414A6E9C.4060708@etherealconsulting.com><020b01c49c76$e3d1ada0$0201a8c0@dredster> <414AF79C.4030809@etherealconsulting.com> <06af01c49cc5$b0b615b0$4df24243@tsgincorporated.com> <414B02FD.6020703@etherealconsulting.com> <06fd01c49ccd$36e91450$4df24243@tsgincorporated.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Micheal Patterson wrote:
>
> ----- Original Message -----
> From: "Norm Vilmer" <norm@etherealconsulting.com>
> To: "Micheal Patterson" <micheal@tsgincorporated.com>
> Cc: <freebsd-questions@freebsd.org>
> Sent: Friday, September 17, 2004 10:30 AM
> Subject: Re: Too many dynamic rules, sorry
>
>
> <snip>
>
>>I do have a check-state rule
>>
>>add 00200 check-state
>>
>>Norm Vilmer
>
>
> Ok. Then right above the check-state entry, place an
>
> allow ip from 123.123.123/24 to 123.123.123./24
>
> Replace the ip's with the appropriate network/metric for your lan and that
> will allow lan traffic to go to itself unhindered by any stateful checks.
>
> --
>
> Micheal Patterson
> TSG Network Administration
> 405-917-0600
>
> Confidentiality Notice: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all
> copies of the original message.
>
>
>
>
would this be the same?
add 00200 allow all from any to any via ${iif} keep-state
add 00210 check-state
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?414B150C.6090608>