Date: Fri, 30 Jan 2015 18:39:05 +0300 From: Lev Serebryakov <lev@FreeBSD.org> To: wishmaster <artemrts@ukr.net> Cc: freebsd-net@freebsd.org Subject: Re: ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly? Message-ID: <54CBA599.8030904@FreeBSD.org> In-Reply-To: <1422608336.828476401.wghnslia@frv34.fwdcdn.com> References: <54CAD234.3020407@FreeBSD.org> <1422608336.828476401.wghnslia@frv34.fwdcdn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 30.01.2015 12:22, wishmaster wrote: > At first, i think you should move keep-state from skipto to > explicit allow rule. Yep! I like it TOO! > For my case with 4 ISP link I use something like this example, but > more complex, though. Could you please show variant for 4 ISP links? :) - -- // Lev Serebryakov -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQJ8BAEBCgBmBQJUy6WZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePXUEQAKF33zboObfY2QwHXkMniPP6 tDIRTH5uDYvj84L/90MhdA0eEZXLuoPUW34p57ipmSSiH0uBYvtvdQAR0WLe+0+Q XvmajOt5Gve6ANlgxr4PS//nOXte9dWp4ZtdvR44/BAZPM+jSeKVkWRsz/YLTS6x FrSGYAMgQYXTBSR/RpBz/dseqwTrY0Qcv9WJpU+oigHKpReZkVJ7tJmDgCAO8+rE X7YTyLwVPYXBw4Y77yZVox/P2oBEdMQ1Z6Eb/qvQXCNkszS4QmbMXj81Uu0x3Zdt BzvJoucnNSUeQivYDbZGY+521RBXtyLXfaWGyRHLFmFiNFz6iT+TdF/S93PBdhY6 1rPx9PIkdystxin44n87HBzYOn3XxiH+O4DcQjkwKfA/+3xGCQDY4FY9GdV+mlBQ nhxrmrmauhSAOUz3BoRDk1k/gcke3Kgcn06dBqNW/bShoJ7fjceK87jUK4OPYm5G JG6z1tVVRPBYmA2WFwGfmx6e60Qfq0dM8DVeffpf22UowNxx+t+JqpnRLFDyS7M+ iUuEnPWQL74/9WRmYREC1CBZWPAHiBm7HlhUz01lVu5uwH1PjdZzG+Z2n3VyWjas t3E/W4/+7ZKgCFS2jwBjiXoa16LunwdJUxH3feFYkLFrYgVoc4edHtsafUKyGsy+ ZrkOl05x9PavJtCTMr7W =3dsG -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54CBA599.8030904>