Re: PF and forwarding to dmz

2007-07-05 Thread Peter N. M. Hansteen
Norman Maurer <[EMAIL PROTECTED]> writes:
> The only problem I noticed was that we had some connection problems
> when using synproxy in front of our webserver. So I replaced it by
> keep state. Any idea if this is a known "bug"?
I remember some reports about synproxy oddities on FreeBSD a while

Re: PF and forwarding to dmz

2007-07-05 Thread Norman Maurer
On Wed, 04 Jul 2007 12:55:34 +0200, [EMAIL PROTECTED] (Peter N. M. Hansteen) wrote:
> Norman Maurer <[EMAIL PROTECTED]> writes:
>
>> It seems to me that I need one "in" and one "out" rule for each
>> FORWARD rule. Is this right?
>
> not necessarily. you can have rules which are not explicitl

Re: PF and forwarding to dmz

2007-07-04 Thread Karl O. Pinc
On 07/04/2007 03:54:57 AM, Norman Maurer wrote:
> Hi all, we are on the way to migrate some linux firewall to a pf firewall. After I read the pf faq and manual pages I'm still not sure what's the best way to replace iptables "FORWARD" rules. It seems to me that I need one "in" and one "out" rule f

Re: PF and forwarding to dmz

2007-07-04 Thread Peter N. M. Hansteen
Norman Maurer <[EMAIL PROTECTED]> writes:
> It seems to me that I need one "in" and one "out" rule for each
> FORWARD rule. Is this right?
not necessarily. you can have rules which are not explicitly bound to an interface, such as
webserver = "194.54.107.19"
webservices = "{ www, https }"
blo

PF and forwarding to dmz

2007-07-04 Thread Norman Maurer
Hi all, we are on the way to migrate some linux firewall to a pf firewall. After I read the pf faq and manual pages I'm still not sure what's the best way to replace iptables "FORWARD" rules. It seems to me that I need one "in" and one "out" rule for each FORWARD rule. Is this right? Is it