--On 23 October 2005 08:30 -0400, Darrel wrote:
> My ruleset is basic, about like:

"about like" isn't nearly as good as directly including the whole file.
to be complete you might also include 'ifconfig', 'brconfig -a' and
'netstat -rn -finet' to give us a better idea of the network (if you
absolutely must mask the IP addresses, consistently replace one of the
numbers, but be certain you don't cover up a typo by doing so). this
is far better than a written description or ascii-art since people that
might be able to help can read this type of output more easily.

> pass in log quick on $eth_if proto { tcp, udp } from \
> ...
> pass out on $ext_if proto tcp all modulate state flags S/SA

generally with a filtering bridge, you would want to pass all traffic
on one of the interfaces ('set skip on XX' or a 'pass on XX' rule), and
just make rules apply to the other interface. Whether or not this is
what you're doing isn't clear from your message.

> Is this typical of bridges?

No.
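
The filtering-bridge layout described in the reply above, as an added pf.conf sketch that is not part of the original message or of the poster's ruleset. The interface names and the inbound service are assumptions; only the final `pass out` rule comes from the quoted ruleset.

```pf
# Added example, not from the thread. Interface names are assumed.
ext_if = "fxp0"   # bridge member facing the outside
int_if = "fxp1"   # bridge member facing the protected hosts

# Skip rule evaluation on the inside member entirely. Every bridged
# packet still crosses $ext_if, so it is filtered exactly once there.
# (The alternative named in the reply is a plain 'pass on $int_if' rule.)
set skip on $int_if

# Default deny on the single filtered interface, with logging.
block log on $ext_if all

# Inbound, outside -> protected hosts. Port 22 is a constructed example
# of an allowed service, not something taken from the thread.
pass in log quick on $ext_if proto tcp from any to any port 22 \
    flags S/SA keep state

# Outbound, protected hosts -> outside (rule as quoted in the message).
pass out on $ext_if proto tcp all modulate state flags S/SA
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr -v` shows per-rule counters, which confirms that packets are being evaluated on `$ext_if` only.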