On Thu, 2007-03-15 at 22:42 +0000, Stuart Henderson wrote:
> No, that would expand to three rules, one passing all traffic from
> <inside> and the other two as above.
>
> you either need:
>
> pass out on bge0 from <inside>
> block out on bge0 from <inside> to { <outside>, <llcidr> }
>
> or:
>
> block quick out on bge0 from <inside> to { <outside>, <llcidr> }
> pass out on bge0 from <inside>
>
alright, but I already have a default "block everything" rule, why would
I need additional block rules?

> alternatively you could have a combined table containing both
> outside and llcidr sets of addresses, but you can't nest tables
> so it's probably more work to maintain.

which is too bad.

alternatively, I did this and it seemed to work:

pass out on bge0 from <inside> to { any, !<outside> }
pass out on bge0 from <inside> to { any, !<llcidr> }

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
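
Added example, not part of the original message or of pf itself: a small Python model of how pf expands a brace list into one rule per item and then applies last-match evaluation (with `quick` stopping at the first match), run over the rulesets quoted in this thread. The table contents and the `block all` form of the default block rule are assumptions; interface and direction are not modelled, so every test packet is treated as leaving bge0.

```python
import ipaddress, re

# Constructed table contents; the thread does not show the real ones.
TABLES = {"inside": ["10.0.0.0/8"], "outside": ["192.0.2.0/24"],
          "llcidr": ["198.51.100.0/24"]}

def expand(rule):
    """Expand a { a, b } list into one rule per item, as pf does at load time."""
    m = re.search(r"\{([^}]*)\}", rule)
    if not m:
        return [rule]
    return [rule[:m.start()] + item.strip() + rule[m.end():]
            for item in m.group(1).split(",")]

def addr_match(spec, ip):
    """Match 'any', '<table>' or '!<table>' against a single address."""
    negated, name = spec.startswith("!"), spec.lstrip("!")
    hit = name == "any" or any(
        ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        for net in TABLES[name.strip("<>")])
    return hit != negated

def evaluate(ruleset, src, dst, default="pass"):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    verdict = default  # pf passes traffic that matches no rule
    for line in ruleset:
        for rule in expand(line):
            t = rule.split()
            frm = t[t.index("from") + 1] if "from" in t else "any"
            to = t[t.index("to") + 1] if "to" in t else "any"
            if addr_match(frm, src) and addr_match(to, dst):
                verdict = t[0]
                if "quick" in t:
                    return verdict
    return verdict

DEFAULT = ["block all"]  # assumed form of the "block everything" rule
PASS_THEN_BLOCK = DEFAULT + [
    "pass out on bge0 from <inside>",
    "block out on bge0 from <inside> to { <outside>, <llcidr> }"]
QUICK_BLOCK_THEN_PASS = DEFAULT + [
    "block quick out on bge0 from <inside> to { <outside>, <llcidr> }",
    "pass out on bge0 from <inside>"]
NEGATED_LISTS = DEFAULT + [
    "pass out on bge0 from <inside> to { any, !<outside> }",
    "pass out on bge0 from <inside> to { any, !<llcidr> }"]
```

Calling `evaluate(NEGATED_LISTS, "10.1.1.1", "192.0.2.5")` shows the verdict for an inside host reaching an address in the constructed `<outside>` table; compare it with the same call on the other two rulesets.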