I have a Firewall with more than two interfaces (two internal network interfaces and one internet interface). When I open a rule to allow one internal network to browse the internet, by allowing 10.10.0.0/16 -> 0.0.0.0 port 80, as a side effect I opened an http rule from one internal network to the other internal network as well.
I think it will be a good idea to add an outgoing interface check into the rule (not the same as the fastroute interface). How about trying a routing attempt to verify if the packet will leave the Firewall on the intended interface? For those stateful rules, such verification is only needed once during state creation. Wonder if this has been done on 4.x version?

Regards,
============================
Ming Fu
Borderware Technologies, Inc.
http://www.borderware.com
[EMAIL PROTECTED]
(905)804-1855 Ext 229
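The side effect described in the message, and the proposed egress-interface check done once at state creation, modelled as an added example (not code from the original message or from any firewall product). The interface names, the second internal network 10.20.0.0/16, the `out_if` rule field and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed topology: two internal interfaces and one internet-facing interface.
ROUTES = [  # (destination prefix, egress interface); names are hypothetical
    (ipaddress.ip_network("10.10.0.0/16"), "int0"),
    (ipaddress.ip_network("10.20.0.0/16"), "int1"),
    (ipaddress.ip_network("0.0.0.0/0"), "ext0"),
]

def egress_interface(dst):
    """Longest-prefix-match route lookup, as the forwarding path would do."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifname) for net, ifname in ROUTES if addr in net]
    return max(matches)[1]

class Firewall:
    def __init__(self, rules):
        self.rules = rules      # dicts: src, dst, port, optional out_if
        self.states = set()     # (src, dst, port) of flows that already have state

    def allow(self, src, dst, port):
        flow = (src, dst, port)
        if flow in self.states:          # existing state: no second route lookup
            return True
        for r in self.rules:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(r["src"])
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r["dst"])
                    and port == r["port"]):
                # Proposed check: performed once, at state creation only.
                if r.get("out_if") and egress_interface(dst) != r["out_if"]:
                    continue
                self.states.add(flow)
                return True
        return False                     # default deny

# Rule as written in the message: any destination on port 80.
loose = Firewall([{"src": "10.10.0.0/16", "dst": "0.0.0.0/0", "port": 80}])
# Same rule with the hypothetical out_if constraint added.
strict = Firewall([{"src": "10.10.0.0/16", "dst": "0.0.0.0/0", "port": 80,
                    "out_if": "ext0"}])

if __name__ == "__main__":
    for name, fw in (("loose", loose), ("strict", strict)):
        print(name, "internet:", fw.allow("10.10.1.5", "203.0.113.10", 80),
              "other internal:", fw.allow("10.10.1.5", "10.20.3.7", 80))
```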
