2nd January 2009
DutchDaemon
Real Name: Ben

Quick suggestions:

Use 'modulate state' on outbound TCP connections, use 'synproxy state' on inbound TCP connections destined for your LAN, and use 'keep state' on inbound TCP (to the firewall itself), in/outbound UDP and in/outbound ICMP.

Do not use things like queue(a, b) on non-TCP traffic. UDP and ICMP have no TCP acks, so this might confuse altq or have undesirable side-effects (like filling up the wrong queues).
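
The suggestions above written out as a pf.conf fragment. This is an added illustration, not part of DutchDaemon's post; it uses the ALTQ-era pf syntax current around the post's date, and the interface names, addresses, ports and queue names are assumptions.

```conf
# Constructed example values (assumptions, not from the post)
ext_if  = "em0"             # Internet-facing interface
int_if  = "em1"             # LAN-facing interface
web_srv = "192.168.1.10"    # LAN host reachable from outside
                            # (routing or an rdr rule is assumed, not shown)

# Two priority queues: q_ack carries empty TCP ACKs and lowdelay packets
altq on $ext_if priq bandwidth 1Mb queue { q_def, q_ack }
queue q_def priority 1 priq(default)
queue q_ack priority 7

block all
pass on $int_if all keep state       # LAN side left open in this sketch

# Outbound TCP: modulate state. The queue(a, b) form is used here only,
# because the second queue is chosen by looking at TCP ACKs.
pass out on $ext_if proto tcp all flags S/SA modulate state \
    queue (q_def, q_ack)

# Outbound UDP and ICMP: keep state, no two-queue assignment.
# Without a queue keyword these packets use the default queue (q_def).
pass out on $ext_if proto udp all keep state
pass out on $ext_if inet proto icmp all keep state

# Inbound TCP destined for the LAN: synproxy state, so pf completes the
# handshake with the client before opening a connection to the server.
pass in on $ext_if proto tcp from any to $web_srv port 80 \
    flags S/SA synproxy state

# Inbound TCP to the firewall itself: keep state
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state

# Inbound UDP and ICMP: keep state
pass in on $ext_if proto udp from any to $web_srv port 53 keep state
pass in on $ext_if inet proto icmp from any to ($ext_if) \
    icmp-type echoreq keep state
```

Loading it with `pfctl -nf` first parses the ruleset without applying it, which catches syntax errors before the live rules change.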