Re: Problem configuring IPV6 - Kindly help
Thank you, Greg. It works now and I am happy.
On Sat, Mar 16, 2013 at 5:44 AM, Greg Troxel <gdt%ir.bbn.com@localhost>
> pass out quick on any all *//this I believe will take care of lo0 also*
Michael David <servers.david%gmail.com@localhost
> I want to allow ALL outgoing traffic on wm0 and only allow ssh and http in
> on wm0
> My rules are as follows:
> pass in quick on wm0 proto tcp from any to any port = 80 keep state
> pass in quick on wm0 proto tcp from any to any port = 22 keep state
Your basic issue is that you need to allow replies to outgoing traffic.
So, my advice:
Do not use quick. That's a preference, but I like last match.
pass out keep state
pass in port 22
So then all outgoing packets are allowed, and the pass out will set up
per-flow dynamic allow rules to let replies back in.
You may also want keep frags somehow. I'm fuzzy on the details, but in
the modern world you may see fragments coming back to DNS queries due to
DNSSEC key records.