12th May 2009
Oko

Quote:
Originally Posted by BSDfan666
There is only one difference between those 2 rules, direction... the former passes out udp packets matching $udp_services, the latter is the same as specifying both in and out.

This is exactly what I wanted to hear. I have never understood why people are leaving domain (udp) totally open when passing out and keeping state will work for most users.



Quote:
Originally Posted by BSDfan666
I don't understand the question, the first rule is redundant.. { lo $ext_if } matches on both interfaces in the lo group and $ext_if, which pretty much just means lo0 and rl0.

Hope that helps...

Does one really need to antispoof lo? I noticed the man pages do recommend antispoofing on lo but most people do not have it. Having in mind that I am setting skip on lo, antispoof should do nothing on lo anyway. Am I mistaken?
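
Added example, not part of Oko's or BSDfan666's posts: a pf.conf fragment illustrating the two points discussed above. The rule texts are reconstructed from the descriptions in the thread (the original rules are not shown in this post), the value of `udp_services` is an assumption, and the antispoof expansion is the one given as an example in pf.conf(5).

```conf
# Assumed macros: rl0 is the external interface named in the thread;
# the value of udp_services is an assumption for this example.
ext_if       = "rl0"
udp_services = "{ domain }"

# Packets on loopback interfaces are not filtered at all.
set skip on lo

# Per the example in pf.conf(5), "antispoof for lo0" expands to:
#   block drop in on ! lo0 inet  from 127.0.0.1/8 to any
#   block drop in on ! lo0 inet6 from ::1 to any
# Both rules match "on ! lo0", that is, on every interface EXCEPT
# loopback. They are evaluated for packets arriving on $ext_if, so
# "set skip on lo" does not turn them into no-ops.
antispoof quick for { lo0 $ext_if }

# Default deny.
block all

# Outbound only: local queries leave, and the state entry created by
# "keep state" admits only the matching replies.
pass out on $ext_if proto udp to any port $udp_services keep state

# No direction keyword means both in and out. This form would also
# accept unsolicited inbound UDP to those ports on $ext_if:
# pass on $ext_if proto udp to any port $udp_services keep state
```

The fragment can be syntax-checked without loading it using `pfctl -nf <file>`, and `pfctl -sr` shows the expanded antispoof rules once a ruleset is loaded.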