Date: Thu, 16 Oct 2008 21:33:16 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: freebsd-ipfw@freebsd.org Subject: Speaking of rc.firewall .. Message-ID: <20081016212110.T4254@sola.nimnet.asn.au>
next in thread | raw e-mail | index | archive | help
I see that both HEAD and RELENG_7 rc.firewall have been updated for in-
kernel NAT functionality, but only for the 'open' and 'client' rulesets.
Is there any (functional) reason that the ${firewall_nat_enable} case is
not also included in the 'simple' rules, where its different placement
is determined by being preceded and anteceded by anti-spoofing rules?
I'm also slightly bemused by the lack (still) of any rules to allow any
ICMP (especially necessary icmptypes for MTU discovery) in 'simple'?
cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081016212110.T4254>