Do I need to change rules on the LAN side only to 'no state'? On Sat, Mar 14, 2009 at 11:05 PM, Chris Buechler <c...@pfsense.org> wrote:
> On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <b...@bradgillette.com> > wrote: > > > > I've ran into another problem...when I change the LAN ip address, it > appears > > that the firewall rule for the LAN has to be changed. The default rule > that > > exists there, LAN Net to any, doesn't work anymore and has to changed to > > reflect the subnet of the new range. > > > > LAN subnet as specified in firewall rules changes when the LAN subnet > changes. If you are using that rather than specifying the actual > network, it will properly update automatically when you apply changes > on a LAN IP change. I've done that on numerous occasions and just did > it again and verified it does update properly. > > > > I wonder if there is a way to disabe > > 'stateful packet inspection'. > > > > Add rules with "no state". What most people run into is asymmetric > routing as someone noted earlier in this thread. If the firewall > doesn't see both directions of the network traffic, it can't properly > stateful filter. In 1.2.1 and newer it's tighter as the newer pf > defaults to flags S/SA on pass rules. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > >
