FreeBSD Bugzilla – Attachment 172993 Details for
Bug 211380
[handbook] Add rule to avoid packets that natd divert doesn't need to see
[patch]
Patch to add firewall rule to example
handbook-firewall.diff (text/plain), 1.17 KB, created by
Alan Hicks
on 2016-07-26 11:55:16 UTC
>Index: en_US.ISO8859-1/books/handbook/firewalls/chapter.xml >=================================================================== >--- en_US.ISO8859-1/books/handbook/firewalls/chapter.xml (revision 49160) >+++ en_US.ISO8859-1/books/handbook/firewalls/chapter.xml (working copy) >@@ -2270,12 +2270,13 @@ > to pass.</para> > > <programlisting>$cmd 499 deny log all from any to any >-$cmd 500 divert natd ip from any to any out via $pif # skipto location for outbound stateful rules >+$cmd 500 allow ip from me to not me out via $pif # avoid packets natd doesn't care about >+$cmd 501 divert natd ip from any to any out via $pif # skipto location for outbound stateful rules > $cmd 510 allow ip from any to any</programlisting> > > <para>In this example, rules <literal>100</literal>, > <literal>101</literal>, <literal>125</literal>, >- <literal>500</literal>, and <literal>510</literal> control the >+ <literal>501</literal>, and <literal>510</literal> control the > address translation of the outbound and inbound packets so > that the entries in the dynamic state table always register > the private <acronym>LAN</acronym> <acronym>IP</acronym>
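Review bot: the "# skipto location for outbound stateful rules" comment moves to rule 501 together with the divert, but rule 499 is "deny log all from any to any", so rules 500 and above are reachable only through a skipto. If the skipto rules elsewhere in the chapter (not shown in this hunk) still target 500, the comment now sits on the wrong rule; if they are renumbered to 501, the new rule 500 is never evaluated. I would keep 500 as the skipto target, move the comment to the new allow rule, and state that in the text. The paragraph below the listing replaces 500 with 501 in the list of rules that control address translation but never mentions the new rule 500: please add a sentence on why traffic matching "from me to not me out via $pif" can skip natd, and check the rest of the chapter for other references to rule 500.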
Attachments on
bug 211380
: 172993 |
172994