RE: IPFW Problem

2007-11-04 Thread john.w.court
Hmm, I may well be missing something very obvious but rule 01000 seems to be doing exactly what it says it will. Are you sure you meant deny rather than allow on rule 01000? It seems very unfriendly to allow outgoing TCP connections and then the minute they are established deny any return

RE: IPFW Problem

2007-11-04 Thread Jason Lewis
Greg,

My guess would be to look at rule 00800. I suspect that the network that you are having problems with is on BGE0. NAT and keep-state do not play well with each other.

Jason

On Sun, November 4, 2007 4:14 pm, [EMAIL PROTECTED] wrote:
Hmm, I may well be missing something very obvious but

RE: IPFW Problem

2007-11-04 Thread john.w.court
Yep, bad advice on my part, should have re-read the man page first. One thing that might also be useful, however, would be to use the ipfw -e -d show command when this is occurring so that the expired and dynamic rule set is also displayed. I have logged bugs with IP6 keep-state in the past but not IP4