On Wed, Jan 17, 2007 at 01:12:52PM -0500, mdpeters wrote:
> I am getting syslogging messages now. I have to wait until the evening
> to test it live again.
>
> Do the other rules look fine to you? I am used to other products like
> Checkpoint. If there is a cleaner way I would like to hear about it.
>
> NAT hosts are in various networks internally. I might have one in the
> DMZ right off one ipfilter interface while another host sits on the LAN.
>
> Thanks for the logging tip. The obvious right?

I haven't looked over your rules in depth... I'd rather not take the time to analyze them when your logs will tell you exactly what rule is causing the problems. Besides - you're not getting to the rules yet - pfil isn't even loaded.

--
Phil Dibowitz [EMAIL PROTECTED]
Open Source software and tech docs    Insanity Palace of Metallica
http://www.phildev.net/               http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible"
 -- Taylor's Laws of Programming
