On Fri, 2005-10-28 at 13:42 -0400, Scott Ullrich wrote: > On 10/28/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > > On Fri, 2005-10-28 at 13:05 -0400, Scott Ullrich wrote: > > > I think it will work better with a "dummy" ip. But it will work > > > without a ip as well now. > > > > Hm. Dummy IP looks like ugliest and the most unintuitive solution. > > > > Also as I noted it results in few options breaking - anti lockout and > > stuff. > > Which I noted that I fixed.
As I understand you've fixed by simply not generating this rule... For this one it might be proper solution as in bridging configuration you can't easily split LAN and WAN. There are however some other rules such DHCP enabling rule which as I understand should remain actually enabling access from LAN. There are few others which I'm not sure about.... Well you probably know their purpose the best. If you're sure all they simply can be dropped in bridging configuration that is cool. > > > If you'we fixed these to use WAN IP address in this case instead, I do > > not understand why do you need fake address at all. > > Because you cannot add rules to the LAN interface without it? But the rule will will not be functional with fake IP address - it typically does not make sense as there are no from/to ips in the network - fake is not really used anywhere. So why to keep them with fake IP wasting resources instead of simply removing if they are not needed. > > > Practically speaking all rules with fake IP are broken and functionality > > which they expect to provide to provide does not work. > > If you do not enter an IP on the interface, that is correct. And if you do you get non sense rules for fake IP which does not exist :) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
