Alexey E. Suslikov wrote:
b) uncomfortableness for people, who wants to have bunch
of rules stated differently from their state policy
default, instead of just constructing more hacking-proofing
ruleset.
If I understand correctly, Alexey is asking for a global option for the
default
On Fri, Jan 09, 2004 at 09:41:45AM -, Peter Galbavy wrote:
Alexey E. Suslikov wrote:
b) uncomfortableness for people, who wants to have bunch
of rules stated differently from their state policy
default, instead of just constructing more hacking-proofing
ruleset.
If I understand
On Fri, Jan 09, 2004 at 09:41:45AM -, Peter Galbavy wrote:
Alexey E. Suslikov wrote:
b) uncomfortableness for people, who wants to have bunch
of rules stated differently from their state policy
default, instead of just constructing more hacking-proofing
ruleset.
If I understand
On Tue, Jan 06, 2004 at 07:00:17PM -0700, j knight wrote:
Henning Brauer wrote:
On Tue, Jan 06, 2004 at 03:48:36PM -0700, j knight wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not
Henning Brauer wrote:
On Tue, Jan 06, 2004 at 10:05:58AM +0100, Cedric Berger wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not change that is equivalent to beeing bound to
the
On Tue, Jan 06, 2004 at 05:31:41PM +0100, Cedric Berger wrote:
Henning Brauer wrote:
On Tue, Jan 06, 2004 at 10:05:58AM +0100, Cedric Berger wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not change that is equivalent to beeing bound to
the interface.
Would you agree then that the behavior of non -current pf is the
equivalent of
On Tue, Jan 06, 2004 at 03:48:36PM -0700, j knight wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not change that is equivalent to beeing bound to
the interface.
Would you agree
Henning Brauer wrote:
On Tue, Jan 06, 2004 at 03:48:36PM -0700, j knight wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not change that is equivalent to beeing bound to
the interface.
On Tuesday, Jan 6, 2004, at 18:00 US/Pacific, j knight wrote:
Henning Brauer wrote:
On Tue, Jan 06, 2004 at 03:48:36PM -0700, j knight wrote:
Henning Brauer wrote:
that is in practice true for 99% of you.
the state key does not include the interface, but the direction.
as long as routes do not
Ok. floating is the default, and is what PF has been doing all the time.
That mean that if you've a rule like:
pass in on fxp0 keep state
Once the state is created, PF will match that state with packets having
the same characteristics (source/dest IP, same port for UDP/TCP, ...)
coming
Alexey E. Suslikov wrote:
i can't find the discussion with daniel, where he pointed out:
this is the pf.conf manual page issue in saying:
here is the daniel's message
http://www.benzedrine.cx/pf/msg02982.html
Quoting from that message:
But it's not entirely true, either, as state
On Mon, Jan 05, 2004 at 11:13:13PM +0200, Alexey E. Suslikov wrote:
that's why we always do
block log all
pass on $int
pass out on $ext from ($ext) to any keep state
Wouldn't this pass all packets, rendering the ``block log all''
useless?
-Ray-
Ray wrote:
that's why we always do
block log all
pass on $int
pass out on $ext from ($ext) to any keep state
Wouldn't this pass all packets, rendering the ``block log all''
useless?
What you're saying is true IFF your only interfaces are $int and $ext.
ifconfig -a
Mike
--
14 matches
Mail list logo
