Date: Thu, 16 Oct 2008 21:33:16 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: freebsd-ipfw@freebsd.org Subject: Speaking of rc.firewall .. Message-ID: <20081016212110.T4254@sola.nimnet.asn.au>
next in thread | raw e-mail | index | archive | help
I see that both HEAD and RELENG_7 rc.firewall have been updated for in- kernel NAT functionality, but only for the 'open' and 'client' rulesets. Is there any (functional) reason that the ${firewall_nat_enable} case is not also included in the 'simple' rules, where its different placement is determined by being preceded and anteceded by anti-spoofing rules? I'm also slightly bemused by the lack (still) of any rules to allow any ICMP (especially necessary icmptypes for MTU discovery) in 'simple'? cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081016212110.T4254>