[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[[email protected]: Re[2]: PF Filter rules & NAT]



----- Forwarded message from "Alejandro G. Belluscio" <[email protected]> -----
Date: Mon, 9 Dec 2002 13:12:53 -0300
From: "Alejandro G. Belluscio" <[email protected]>
X-Mailer: The Bat! (v1.51) UNREG / CD5BF9353B3B7091
Reply-To: "Alejandro G. Belluscio" <[email protected]>
X-Priority: 3 (Normal)
To: Saad Kadhi <[email protected]>
Subject: Re[2]: PF Filter rules & NAT
In-Reply-To: <[email protected]>
X-Spam-Status: No, hits=-3.6 required=5.0
	tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT,
	      RCVD_IN_RFCI,REFERENCES,SIGNATURE_SHORT_DENSE,
	      SPAM_PHRASE_00_01,USER_AGENT_THEBAT
	version=2.41
X-Sanitizer: DocIsland Mail Filter
Hello Saad,
Monday, December 09, 2002, 12:43:11 PM, you wrote:
Saad> On Mon, Dec 09, 2002 at 12:30:53PM -0300, Alejandro G. Belluscio wrote:
>> Hello Saad,
>> 
>> Monday, December 09, 2002, 11:55:54 AM, you wrote:
>> SK>   pass out quick on $dmz_if proto tcp from $internal_net to $dmz_net \
>> SK>   flags S keep state 
>> Using flags S means filtering ECN. Which is a bad thing. Use S/SAFRUP
>> instead. This was not a problem until 3.2 (I think, may be 3.1)
>> because PF didn't supported ecn (or the kernel, or both, I made the
>> jump from 3.0 to 3.2, so I don't really know what happened in the
>> middle).
Saad> oh thanks! do you have a link to rtfm that "ECN" thingy ? :)
Explicy Congetion Notification.
RFC2481
http://www.icir.org/floyd/ecn.html
http://www-nrg.ee.lbl.gov/floyd/ecn.html
If youcould forward this to the list. Because somehow my cc didn't
worked.
I think this should be noted on the man page.
With the no-route clarification :-)
-- 
Best regards,
 Alejandro Belluscio
----- End forwarded message -----
-- 
Saad Kadhi -- [[email protected]] [[email protected]]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]
---
Can't fight the Systemagic
Uber tragic