On 3/11/2016 8:21 PM, Attila Fülöp wrote: > On 03/12/2016 12:02 AM, Eric wrote: >> Does ipfilter or ipnat have a way to create a rule such as: >> >> # ipf.conf >> pass in quick proto tcp not from 10.10.10.0/24 to any port = 12345 keep >> state keep frags > > Yes: > > pass in quick proto tcp from ! 10.10.10.0/24 to any ...
Of all things, when everything else is spelled out, I wouldn't have expected negate to be a symbol It does get pretty tricky, since there are multiple NAT networks involved. And one of them have a mix of rules for both internet and private address blocks. The real solution is to have two separate ports, one for the internet and one for the internal networks, but I have to work with what's given to me.
signature.asc
Description: OpenPGP digital signature
------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
