On 2005-08-14 21:41, stan wrote:
On Sun, Aug 14, 2005 at 09:13:07PM +0200, Erik Wikstr?m wrote:
On 2005-08-14 19:17, stan wrote:
>On Sun, Aug 14, 2005 at 12:24:43PM -0400, stan wrote:
>>I've got 2 rules like this:
>>
>>pass out on $int_if from any to any keep state
>>pass in on $int_if from any to any keep state
>>
>>That I think I should be able to replace with:
>>
>>pass out on $int_if from any to any keep state
>>pass in on $int_if from any to any keep state
>>
>>But when I do this, I get the follwing packets droped.
>>
>>Aug 14 12:08:05.230735 rule 0/(match) block out on fxp2:
>>171.85.113.55.2318 >
>>171.85.106.133.161: GetRequest(5)[|snmp]
>>
>>requiste defs are:
>>
>>int_if="fxp2"
>>
>>and the /etc/hostname.fxpo looks like this:
>>
>>inet 171.85.113.111 255.255.255.128 NONE
>>
>>What am I missing here?
>>
>Sorry for the stupid cut and paste error.
>
>Here are the rules I want to use :-(
>
>
Shouldn't that be
>pass in on $int_if from $int_if:network to any keep state
pass in on $int_if from any to $int_if:network keep state
I think this is backwards.
>pass out on $int_if from any to $int_if:network keep state
pass out on $int_if from $int_if:network to any keep state
This one too.
Oops sorry, yes.
--
Erik Wikstrvm
