Hi,
On my firewall (not a bridge), all accepted incoming requests to my
hosted services are allowed with 'flags S/SA modulate state'. As my
firewall is a NAT router, I thought I might use 'synproxy' rather than
'modulate state'. Because my firewall is not configured as a bridge,
and according to the man page, this looks like a good idea.
Reading the OpenBSD pf documentation and reading pf.conf examples on Google,
it seems using 'synproxy' is not that automatic.
So my question is, can I automatically use 'flags S/SA modulate state'
to allow incoming requests, or are there any restrictions (e.g., not
with ICMP, or not with domain/UDP, ...)?
TIA,
Jo
--
,- This mail runs ------.
`--------- NetBSD/smtp -'
