On Sat, May 21, 2005 at 09:52:48PM +0100, mzozd wrote: > # Do not scrub in any direction on INT B for our nfs server > no scrub on $int_b from $LAB_NFS_SERVERS to any > no scrub on $int_b from any to $LAB_NFS_SERVERS
Why restrict these rules to $int_b... > # Scrub on all interfaces > scrub in all > scrub out all .. but not these? The NFS fragments with DF set are blocked on $int_a, where latter two rules match, but the former two don't. Either make all rules apply to both interfaces, or restrict all to one interface. Daniel
