From: "Dan O'Connor"
To: "Duraid"
Subject: Re: NAT with ipfw?
Date: Mon, 26 Feb 2001 18:08:47 -0800

>if the default policy is to deny everything then why is your firewall
>full of deny rules. shouldn't it just have the allow rules since
>everything else is going to be dropped by default.

Mostly to log specific ports... Others (like FTP) so I can quickly make them
'allow' temporarily.

>other thing i think your firewall is stateless (using establish). if you
>have made it stateful (using keep-state) i think it would be much
>smaller.

Well, for now, two reasons:

1. What I've got works for me, so "If it ain't broke, don't fix it"...
2. I haven't had time to get up to speed on keep-state :-(

As I get time, I'll explore this...

>neat site.. in my bookmarks

Thanks, glad you find it useful!

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
FreeBSD Cheat Sheets
http://www.mostgraveconcern.com/freebsd/