"fbsd_user" <[EMAIL PROTECTED]> writes:

> Sorry but the rule set you posted is doing 'keep-state' on the lan
> interface and not the interface facing the public internet. All the
> rule statements processing against the public interface are
> stateless. Doing stateful testing on the private lan is just waste
> of cpu cycles, it proves nothing other than you have less trust in
> your lan users than you have in unknown public internet users.

Not really; the stateful rules are being applied against the public
Internet responses to packets sent out by the LAN users.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area:
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password "public"