Peter N. M. Hansteen wrote:
mzozd [EMAIL PROTECTED] writes:
we were thinking of patching PF to filter on encapsulated traffic (pppoe
in particular).
I may be missing something important (extremely low caffeine levels at
the moment), but filtering pppoe on the TCP/IP level is already
.
Are there any particular drawbacks(not including a slightly add-on
overhead) for implementing such a feature? Is by any way, disorienting
the aims of PF ? Is there another, more efficient way to do it?
thank you for your time,
MzOzD
are welcomed.
Thank you for time,
MzOzD
Daniel Hartmeier wrote:
On Sat, May 21, 2005 at 09:52:48PM +0100, mzozd wrote:
# Do not scrub in any direction on INT B for our nfs server
no scrub on $int_b from $LAB_NFS_SERVERS to any
no scrub on $int_b from any to $LAB_NFS_SERVERS
Why restrict these rules to $int_b...
# Scrub
The patch works as expected. The prefixed no scrub rules.
Thank you very much Daniel,
Daniel Hartmeier wrote:
You can try the patch below, or alternatively make sure the positive
scrub rules do not include $LAB_NFS_SERVERS, as a workaround, like
scrub in from ! $LAB_NFS_SERVERS to !
to $WWW_SERVER port = 80 synproxy state
...
I hope this gave you the idea.
MzOzD
Hi,
I'm sorry for the newbie advice question.
I've ran OpenBSD for a couple years, and pf as well,
performing straight forward NAT, rdr, etc all
with the firewall having one public internet routable
rate ${DOWNLINK}Kbit burst 100k drop flowid :1
=
Finally, you can place the $START_PORT:$END_PORT in your e_mule queue on
your gateway.
I hope this sovles your problem and i am sure there are bettet ways to
do it :)
MzOzD
Mario Lopez
than PF:
1. No distracting arguments about whether to port it to OpenBSD.
When you want to open a discussion you must be open minded. use both
Linux and OpenBSD for different reasons. The ideas behind them are
somewhat different.
Yours,
MzOzD