On Thu, Jan 29, 2004 at 06:04:10PM -0200, Rodrigo Borghette Schmidt wrote:
> pass in on $int_if route-to {($ext_if1 $gw1),($ext_if2 $gw2)} round-robin
> proto tcp from $mynet to any flags S/SA modulate state
>
> pass in on $int_if route-to {($ext_if1 $gw1),($ext_if2 $gw2)} round-robin
> proto {icmp,udp} from $mynet to any keep state

Just a quick note to point out that I just committed a fix to -current which avoids having to split rules like these up just to have modulate or synproxy on tcp connections. You can now do the following, and the non-tcp rules in the expansion will be 'keep state' (TCP flags will also be dropped, but this is existing behaviour):

pass in on $int_if route-to {($ext_if1 $gw1),($ext_if2 $gw2)} round-robin \
    proto { tcp icmp udp } from $mynet to any flags S/SA modulate state