Others have already given some good feedback (and asked some good questions), but:
> pass out all keep state

You're allowing out the initial TCP SYN, and creating a state entry for the connection here. You should be able to make outgoing connections anywhere with this rule. Once a state entry gets created, the state table will match on the traffic for the session, and the rules list won't have to be evaluated.

J.

--
Jason V. Miller
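The lookup order described in the reply above, as an added toy model in Python (not code from the original post or from the packet filter itself). The `block in` default, the addresses and the class names are assumptions made for the illustration; real filters also track TCP flags, sequence windows and timeouts, which are left out here.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str  # "out" or "in", relative to the filtering host
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """State table is consulted first; the rule list only on a miss."""
    def __init__(self):
        self.states = set()
        self.rule_evaluations = 0

    @staticmethod
    def _key(p):
        # Both directions of one session map to the same entry:
        # (local addr, local port, remote addr, remote port).
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def _rules(self, p):
        self.rule_evaluations += 1
        if p.direction == "out":   # pass out all keep state
            return "pass", True
        return "block", False      # assumed default: block inbound

    def handle(self, p):
        key = self._key(p)
        if key in self.states:     # session already known: skip the rules
            return "pass (state)"
        action, keep_state = self._rules(p)
        if action == "pass" and keep_state:
            self.states.add(key)
        return f"{action} (rule)"

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFilter()
    packets = [
        Packet("out", "192.0.2.10", 40000, "198.51.100.5", 443),  # initial SYN
        Packet("in", "198.51.100.5", 443, "192.0.2.10", 40000),   # SYN/ACK reply
        Packet("out", "192.0.2.10", 40000, "198.51.100.5", 443),  # ACK
        Packet("in", "203.0.113.9", 5555, "192.0.2.10", 22),      # unsolicited
    ]
    return [fw.handle(p) for p in packets], fw.rule_evaluations

if __name__ == "__main__":
    verdicts, evaluations = demo()
    for v in verdicts:
        print(v)
    print("rule list evaluated", evaluations, "times for 4 packets")
```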
