Nathan, I've gone the same way that you have, i.e. a bunch of jails that are
individually providing services & kernel NAT. It takes careful planning and
the knowledge that the default route will be the first IP in your jail.conf
list for each jail.
Getting jails to play nice means fiddling around

On 4/02/2015 4:38 PM, Julian Elischer wrote:
On 2/4/15 1:32 PM, Julian Elischer wrote:
On 2/4/15 12:13 AM, Lev Serebryakov wrote:
And variants with multiple NATs and nat global becomes as easy as
this, too! No stupid skipto, no keep-state at incoming from local
network parts of firewall,

Two questions:
1. With this announcement
http://undeadly.org/cgi?action=article&sid=20140419151959
by the OpenBSD project concerning their dropping of ALTQ for their new
bandwidth and priority mechanism, can anyone share/advise what impact,
if any, this will have for ALTQ and hence pf on

What is the use case of this addition? Is this objective to limit the
mischief on a certain port, for example ntp or port 53?
I can appreciate the need to limit the number of packets during, say a
DDOS event, but I'm struggling with why I would want less than 1 packet
per second.
Is the idea

On 11/03/2014 2:53 PM, Julian Elischer wrote:
It has annoyed me for some time that icmp packets referring to an
ongoing session can not be matched by a dynamic rule that governs that
session.
For example, if you have a dynamic rule for tcp 1.2.3.4 port
80 from 5.6.7.8 port 1 then a