Your post is a little confusing, or maybe it's just me.
The "out" rules don't work in bridging mode. It might be that the "out"
rule only applies to connections from the firewall itself. I haven't
confirmed that yet. Maybe sometime I'll get time to try this out.
To save space in the state table, use the "flags" keyword in your
rules. Just check the How-To or browse the archives; there are plenty of
examples.
At 10:52 AM 02/28/2001, Maxime Longuet wrote:
I have a bridge + IPF
xl0 on my internal network
xl1 on my router
I have these rules
pass in log quick on xl1 proto icmp from any to 193.56.133.70/32
pass in quick on xl1 proto icmp from any to 193.56.133.200/32
pass in quick on xl0 proto TCP/UDP all keep state
block in log quick on xl1 from any to any
But for pass out, the rule "pass in quick on xl0 proto TCP/UDP all keep
state" is necessary, and the words "keep state" too. The problem is that the
firewall crashes with too many states. I've already asked this question but with no
success ...
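As an added illustration of the "flags" suggestion in the reply (this is not from either poster), here is the quoted xl0 rule rewritten so that only the opening SYN of a TCP connection creates a state entry; the interface name comes from the quoted rules, and splitting TCP and UDP into two rules is an assumption.

```ipf
# Quoted original: every TCP or UDP packet that reaches this rule may add
# a state-table entry, which is what fills the table under load.
#   pass in quick on xl0 proto tcp/udp all keep state
#
# Added example: match only packets with just the SYN flag set, so a TCP
# connection creates exactly one entry; later packets of that connection
# are matched by the state table and never reach the rule.
pass in quick on xl0 proto tcp all flags S keep state
# UDP has no handshake, so it still needs a plain keep-state rule.
pass in quick on xl0 proto udp all keep state
```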