On Wed, Jan 17, 2007 at 01:12:52PM -0500, mdpeters wrote:
> I am getting syslogging messages now. I have to wait until the evening
> to test it live again.
>
> Do the other rules look fine to you? I am used to other products like
> Checkpoint. If there is a cleaner way I would like to hear about it.
>
> NAT hosts are in various networks internally. I might have one in the
> DMZ right off one ipfilter interface while another host sits on the LAN.
>
> Thanks for the logging tip. The obvious right?

I haven't looked over your rules in depth... I'd rather not take the time to
analyze them when your logs will tell you exactly what rule is causing the
problems.
Besides - you're not getting to the rules yet - pfil isn't even loaded.
--
Phil Dibowitz phil@ipom.com
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it; Never use 'sed' when 'tr'
can do the job; Never invoke 'tr' when 'cat' is sufficient; Avoid
using 'cat' whenever possible" -- Taylor's Laws of Programming