On Sun, 5 Sep 2004, Oliver Humpage wrote:
On Sun, 5 Sep 2004, Mipam wrote:
If I have set state-poliy floating and i have
block in on $ext_if
pass out on $ext_if modulate state
Then traffic incomming on $int_if will be allowed, because it may
leave through the $ext_if right? Traffic
on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:
Hmm i see, so for outbound traffic over $ext_if
1) nat
2) filtering
And for inbound traffic first filtering and then nat.
For ipf its the other way around, okay, it clears things up, thank you.
No, it's always NAT then filtering.
on 6/9/04 11:18 am, Mipam at [EMAIL PROTECTED] wrote:
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:
Hmm i see, so for outbound traffic over $ext_if
1) nat
2) filtering
And for inbound traffic first filtering and then nat.
For ipf its
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 11:18 am, Mipam at [EMAIL PROTECTED] wrote:
On Mon, 6 Sep 2004, Oliver Humpage wrote:
on 6/9/04 9:21 am, Mipam at [EMAIL PROTECTED] wrote:
Hmm i see, so for outbound traffic over $ext_if
1) nat
2) filtering
And for
Hi,
I have some simple questions about normalization and state keeping.
Eh, yes i did rtfm and the faq from the OpenBSD site which were very
helpfull. :-)
I wish to normalize inbound and outbound traffic in a way so i used:
scrub on $ext_if all fragment reassemble reassemble tcp random-id
So
On Sun, 5 Sep 2004, Mipam wrote:
If I have set state-poliy floating and i have
block in on $ext_if
pass out on $ext_if modulate state
Then traffic incomming on $int_if will be allowed, because it may
leave through the $ext_if right? Traffic to an open port (on the pf
machine) on the
