On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <[email protected]> wrote: > > I've ran into another problem...when I change the LAN ip address, it appears > that the firewall rule for the LAN has to be changed. The default rule that > exists there, LAN Net to any, doesn't work anymore and has to changed to > reflect the subnet of the new range. >
LAN subnet as specified in firewall rules changes when the LAN subnet changes. If you are using that rather than specifying the actual network, it will properly update automatically when you apply changes on a LAN IP change. I've done that on numerous occasions and just did it again and verified it does update properly. > I wonder if there is a way to disabe > 'stateful packet inspection'. > Add rules with "no state". What most people run into is asymmetric routing as someone noted earlier in this thread. If the firewall doesn't see both directions of the network traffic, it can't properly stateful filter. In 1.2.1 and newer it's tighter as the newer pf defaults to flags S/SA on pass rules. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
