Replying only on one paragraph, everything else agreed.

On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Luçi wrote:
E> The only problem I might see is when running more than one firewall
E> together but still there are other issues when you do that at pfil(9)
E> level.

Well, playing with two firewalls was never safe and clear, there will always
be edge cases in such setups.

E> Also, if_simloop is not meant for packets leaving the host so that
E> should be safe, no?

Shouldn't leave, but it still enters pfil(9) and there one or the other
firewall can again bounce it in any direction. Probably M_SKIP_FIREWALL
is a good idea.

-- 
Totus tuus, Glebius.