Hello Lev,

Sunday, August 14, 2016, 8:27:02 PM, you wrote:

When auto-numbering is used, all rules with any keep-state/check-state or table opcodes are printed out as number 00000 on addition, like this:

add 11000 allow dst-ip MCAST // Allow incoming multicast
add deny not dst-ip SKYNET_IP // Before NAT it should be to this specific me!
add deny src-ip table(intip4) // And it should be not from strange addresses
add deny src-ip table(bans) // And it should not be banned
add allow src-ip HE_IPV4_TUN proto ipv6 // IPv6 tunneling through this interface
add nat SKYNET_NAT // De-NAT
add check-state // Make things faster
add skipto 30000 // Allowed local services - common block
add deny // Safeguard

11000 allow ip from any to any dst-ip 224.0.0.0/4 // Allow incoming multicast
11010 deny ip from any to any not dst-ip 94.19.235.70 // Before NAT it should be to this specific me!
00000 deny ip from any to any src-ip table(intip4) // And it should be not from strange addresses
00000 deny ip from any to any src-ip table(bans) // And it should not be banned
11040 allow ip from any to any src-ip 216.66.80.26 proto ipv6 // IPv6 tunneling through this interface
11050 nat 1 ip from any to any // De-NAT
Line 133: Ambiguous state name '//', 'default' used instead.
: No error: 0
00000 check-state default
11070 skipto 30000 ip from any to any // Allowed local services - common block
11080 deny ip from any to any // Safeguard

They, really, got proper numbers, but "ipfw" output looks strange.

-- 
Best regards,
 Lev    mailto:[email protected]
