I see that both HEAD and RELENG_7 rc.firewall have been updated for in-
kernel NAT functionality, but only for the 'open' and 'client' rulesets.
Is there any (functional) reason that the ${firewall_nat_enable} case is
not also included in the 'simple' rules, where its different placement
is determined by being preceded and anteceded by anti-spoofing rules?
I'm also slightly bemused by the lack (still) of any rules to allow any
ICMP (especially necessary icmptypes for MTU discovery) in 'simple'?
cheers, Ian
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
