On 02/07/2012 15:51, Jim Pingle wrote:
On 7/2/2012 9:38 AM, Tonix (Antonio Nati) wrote:
Too much confusion in keeping filters tables,
Switching how the entire firewall operates is also very confusing and
not likely to do what people expect -- floating rules would be much
easier
On 04/07/2012 16:21, Sean Cavanaugh wrote:
Once you have an incoming connection (first time) to, let's say from INT X
to INT Y, dest IP Z, dest port P, will these alternative rules be evaluated
in same moment or not?
- Evaluate INPUT on INT X, dest IP Z, dest port P
- Evaluate OUTPUT on
On 04/07/2012 15:41, Giles Coochey wrote:
On 04/07/2012 11:06, Tonix (Antonio Nati) wrote:
On 04/07/2012 11:44, Ermal Luçi wrote:
On Wed, Jul 4, 2012 at 10:44 AM, Tonix (Antonio Nati)
to...@interazioni.it wrote:
On 02/07/2012 15:51, Jim Pingle wrote:
On 7/2/2012 9:38 AM
On 02/07/2012 15:32, Jim Pingle wrote:
On 7/2/2012 8:41 AM, Tonix (Antonio Nati) wrote:
I've suggested (both for pfSense and Monowall) to give the possibility
to invert the filtering directions.
Which you can do on floating rules. You can make floating rules in the
'out' direction
On 02/07/2012 15:51, Giles Coochey wrote:
On 02/07/2012 14:37, Tonix (Antonio Nati) wrote:
I would be not so sure about that.
When I gave an inside look at PF, some years ago, I had the
perception filters are evaluated all together in the same place,
despite they are ingoing
OpenBSD has some advantages in this case, if I remember correctly.
CARP works without sacrificing useless IP, so you can use only one IP
instead of three for each couple of redundant interfaces coupled together.
Tonino
On 10/05/2012 22:45, Hugo Heykers wrote:
On 10-05-12 22:09, Tim Nelson
If you speak only about WAN and LAN, yes, but if you have other
interfaces interested all changes.
You could enable a service on the OPT1, available to all existing
interfaces.
So in this case, floating rule would permit any 'OUT' connection to that
service offered inside OPT1.
This permit
[mailto:list-boun...@lists.pfsense.org] *On Behalf Of *Tonix
(Antonio Nati) tonix-at-interazioni.it
*Sent:* 15 December 2011 14:57
*To:* pfSense support and discussion
*Subject:* Re: [pfSense] 'direction' of firewall rules for
floating rules?
If you speak only about WAN
Forgot to add.
Small holes (like one interface of ten to be excluded) can be handled
putting a deny rule for that specific interface, just before the general
rule, as usual.
Regards,
Tonino
On 15/12/2011 18:09, Tonix (Antonio Nati) wrote:
Floating rules are useful for complex
On 21/09/2011 14:05, Chris Buechler wrote:
On Wed, Sep 21, 2011 at 7:55 AM, Tonix (Antonio Nati)
to...@interazioni.it wrote:
I think you should examine how CARP works on your routers and how it works
in pfsense.
In pre-2.0 versions, pfSense CARP has a (fixed) different zone for each