"fbsd_user" <[EMAIL PROTECTED]> writes:
> Sorry but the rule set you posted is doing 'keep-state' on the lan
> interface and not the interface facing the public internet. All the
> rule statements processing against the public interface are
> stateless. Doing stateful testing on the private lan is just waste
> of cpu cycles, it proves nothing other than you have less turst in
> your lan users that you have in unknown public internet users.
Not really; the stateful rules are being applied against the public
Internet responses to packets sent out by the LAN users.
--
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password "public"
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
