Hi,

On my firewall (not a bridge), all accepted incoming requests to my hosted services are allowed with 'flags S/SA modulate state'. As my firewall is a NAT router, I thought I might use 'synproxy' rather than 'modulate state'. Because my firewall is not configured as a bridge, and according to the man page, this looks like a good idea.

Reading the OpenBSD pf documentation and pf.conf examples on Google, it seems using 'synproxy' is not that automatic. So my question is: can I automatically use 'flags S/SA modulate state' to allow incoming requests, or are there any restrictions (e.g., not with ICMP, or not with domain/UDP, ...)?

TIA,
Jo

--
,- This mail runs ------.
`--------- NetBSD/smtp -'