Hello Trevor,

Thanks for the advice, I've tried to have one rule to catch both directions
but if it is outgoing traffic then the keep state will automatically
allocate the incoming packets that are coming back to the same queue. But
if the request originated from an incoming request there is no way possible
that the same outgoing queue will work for that traffic.

Unless I'm wrong..

Regards
Mark

----------------------------------------------------------------
Do not fumble with a woman's logic.
----------------------------------------------------------------
On Tue, 22 Jul 2003, Trevor Talbot wrote:

>On Tuesday, Jul 22, 2003, at 06:43 US/Pacific, Henning Brauer wrote:
>
>> On Tue, Jul 22, 2003 at 02:55:47AM -0700, Trevor Talbot wrote:
>>> Also note that most of your rules are a bit "loose" as far as TCP
>>> goes.  The upside is that they'll pick up existing connections when
>>> you reboot/reconfigure the firewall, but you may want to get more
>>> control over which direction connections are initiated from by using
>>> "flags S/SA" with all of them.  It depends on your situation; this is
>>> just a heads up.
>>
>> I consider this flags filtering stupid.
>
>Well true, if you aren't using modulate state, there isn't much point.
>Mark's situation could be handled with just rule reorganization.  He
>currently has rules that catch both directions, and my impression is
>that he didn't really want connections being initiated in both
>directions.  So I ended up suggesting that, instead of realizing both
>rules aren't necessary now that keep state is present.
>
>

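A pf.conf fragment illustrating the point under discussion, added here as an example and not taken from Mark's or Trevor's mails: one rule per direction of initiation, each with keep state, so that the state entry (not a second rule) handles the returning packets and carries the queue. The interface macro, server address, bandwidth figures and queue names are assumed.

```pf
# Constructed example (not from the thread). $ext_if is the external
# interface and $web a server behind the firewall; queue names are made up.
altq on $ext_if cbq bandwidth 2Mb queue { q_def, q_out, q_in }
queue q_def bandwidth 50% cbq(default)
queue q_out bandwidth 25%
queue q_in  bandwidth 25%

# Connections initiated from the inside: the state created by this rule
# matches the reply packets too, so no matching "pass in" rule is needed.
pass out on $ext_if proto tcp from $ext_if to any flags S/SA keep state queue q_out

# Connections initiated from the outside: these need their own rule, and
# the queue named here is applied to the reply packets leaving $ext_if.
pass in on $ext_if proto tcp from any to $web port 80 flags S/SA keep state queue q_in
```

With flags S/SA on both rules, only the SYN of a new connection can create a state, which is what makes the direction of initiation explicit.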