either:
pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \
port 33433 33626 keep state tag mytracert
pass out log on $ext_if inet proto udp from $ext_if to any \
port 33433 33626 keep state tagged mytracert
or:
pass in log (all) on $int_if inet proto udp from
On Thu, Jan 20, 2011 at 01:47:20PM +0530, Indunil Jayasooriya wrote:
my question is that How can I exclude my firewall from being able to doing
it ?
I'm really not sure why you don't want the firewall to be able to
traceroute. (hint: if you can't trust the users on your firewall to
behave
l...@animata.net (David Gwynne), 2011.01.20 (Thu) 10:20 (CET):
either:
pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \
port 33433 33626 keep state tag mytracert
pass out log on $ext_if inet proto udp from $ext_if to any \
port 33433 33626 keep state tagged
anyway, Thanks for enlightening me.
pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \
port 33433 33626 keep state tag mytracert
pass out log on $ext_if inet proto udp from $ext_if to any \
port 33433 33626 keep state tagged mytracert
the above 2 rules were
pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \
port 33433 33626 keep state
pass out log on $ext_if inet proto udp from $ext_if to any \
port 33433 33626 keep state tagged mytracert received-on $int_if
I guess there is a ``tagged mytracert'' copy-paste
On Thu, Jan 20, 2011 at 2:57 PM, Ryan McBride mcbr...@openbsd.org wrote:
On Thu, Jan 20, 2011 at 01:47:20PM +0530, Indunil Jayasooriya wrote:
my question is that How can I exclude my firewall from being able to
doing
it ?
I'm really not sure why you don't want the firewall to be able to
6 matches
Mail list logo