From owner-freebsd-questions Mon Feb 26 5:11: 8 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from femail1.rdc1.on.home.com (femail1.rdc1.on.home.com [24.2.9.88])
	by hub.freebsd.org (Postfix) with ESMTP id 4DF5C37B4EC
	for ; Mon, 26 Feb 2001 05:11:05 -0800 (PST)
	(envelope-from latif2221@home.com)
Received: from home.com ([24.114.36.13]) by femail1.rdc1.on.home.com
	(InterMail vM.4.01.03.00 201-229-121) with ESMTP
	id <20010226130950.QMDD24578.femail1.rdc1.on.home.com@home.com>;
	Mon, 26 Feb 2001 05:09:50 -0800
Message-ID: <3A9A0BD9.FE92DCB4@home.com>
Date: Mon, 26 Feb 2001 07:55:05 +0000
From: Duraid
Organization: nonp
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: Dan O'Connor , "freebsd-questions@FreeBSD.ORG"
Subject: Re: NAT with ipfw?
References: <003601c09fa2$2e6a2340$029b140a@danco>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm having a problem understanding the following, and I've noticed it in
several designs including yours: if the default policy is to deny
everything, then why is your firewall full of deny rules? Shouldn't it
just have the allow rules, since everything else is going to be dropped
by default?

Another thing: I think your firewall is stateless (using establish). If
you had made it stateful (using keep-state), I think it would be much
smaller.

Neat site.. in my bookmarks

Duraid