On Thu, 5 Dec 2002, jolan wrote:
On Thu, Dec 05, 2002 at 09:21:05PM -0300, Alejandro G. Belluscio wrote:
I have a 3.2 release running as a firewall. I've got an IP tunnel
service from www.freenet6.net. So I use gif0 for the tunnel. It didn't
work when I just had the first rule. But then
Hello Dries,
Friday, December 06, 2002, 7:07:02 AM, you wrote:
block in quick on $ExtIF inet6 from any to any
pass in quick on $ExtIF proto 41 from 206.123.31.114 to $ExtIP keep state
The difference is something like this: proto 41 is ipv6 over ipv4,
while inet6 is native ipv6.
DS You
http://www.deadly.org/commentShow.php3?sid=20021206054031pid=34
--
Dries Schellekens
email: [EMAIL PROTECTED]
I'm going to revisit this topic... as a comment from eWeek's OpenHack 4
caught my attention. On the following page, in the left column...
http://www.eweek.com/image_popup/0,3662,s=25546iid=18512,00.asp
Regarding OpenBSD 3.2 PF:
*** We did notice a few problems where pf rules we wrote using
On Fri, Dec 06, 2002 at 12:37:32PM -0800, Stephen Gutknecht (OBSD-PF) wrote:
*** We did notice a few problems where pf rules we wrote using the
firewall's keep state option would incorrectly block packets returned as a
result of an incoming connection ***
That is a pretty good description
Correction to last post...
I wrote:
When we used keep state on our out rules, we would see port 80 packets
originating from our IIS server were sometimes showing in the log as
dropped.
I meant to say:
When we used keep state on our *in* rules (both interfaces of bridge) - we
would sometimes
Hi Daniel,
Are the default timeout values documented somewhere? If not, you post them.
The man pages for pf.conf show how to set them, but don't seem to indicate
the defaults.
On a similar note: does set optimization influence the timeouts, or is it
merely relaxing the state matching