Lubomir Georgiev wrote:
I'd like to thank all the people who replied to the thread I started. Your
help has been invaluable. The reason I didn't immediately respond to Jao is
that I wanted to make sure I wasn't mistaking - I was sure that IPFW +
NAT +
MAC address filtering in a single box was possible because I had seen it
with my own two eyes. I just didn't take the time to see the ruleset
then. I
was going there in a couple of days and was going to shed some light on the
subject but it turns out I don't need to - Patrick and Julian have
backed me
up.
I am going to try out what you've recommended and post the results. Once
again thanks for all your efforts and Jao please do try not to go all "high
and mighty" over other seeking help when what we really want is one and the
same thing - to help each other, and that I think is the purpose of this
list.
So, I'll keep you posted.
As I posted, I think you can use keep-state to pass state between
layer 2 and layer 3 instances of the firewall.
the trick is to remmeber that "check-state" just re-runs the rule that
had the orginal keep-state, and that that rule can be almost anything, including
a skipto.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
