Sergey Prisyazhniy [EMAIL PROTECTED] writes:
Yes, Luca :). The think is, that I want, for example, to setup remote
machines
via siteXYtools (also load to pf.conf).
And as you can get, I don't know anything about the remote NIC's, so in
this case
I wana make fully
On Thu, Nov 30, 2006 at 04:00:37PM +, Karl O. Pinc wrote:
The clean solution would be if pf had some sort of #include
mechanisim. Then the macros that abstract the interfaces could
be written into include-ed files and everything else would be
sane.
pfctl -D int_if=foo -f /etc/pf.conf
On 11/30/2006 04:25:12 AM, Sergey Prisyazhniy wrote:
Yes, Luca :). The think is, that I want, for example, to setup
remote machines
via siteXYtools (also load to pf.conf).
And as you can get, I don't know anything about the remote
NIC's, so in this case
I wana
quoting http://www.openbsd.org/faq/pf/filter.html
quote
IP Options
By default, PF blocks packets with IP options set. This can make the job
more difficult for OS fingerprinting utilities like nmap. If you have
an application that requires the passing of these packets, such as
On Fri, Dec 01, 2006 at 02:14:14PM +1300, Russell Fulton wrote:
pass in quick on fxp0 all allow-opts
Am I correct in thinking that this line effectively passes *all* traffic
in on fxp0 with no more checking because of the 'quick' option?
Yes, it does.
The rule is meant to illustrate