From owner-freebsd-questions@FreeBSD.ORG Fri Sep 17 15:45:00 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C796316A4CE for ; Fri, 17 Sep 2004 15:45:00 +0000 (GMT) Received: from smtp2.tsgincorporated.com (ns2.tsgincorporated.com [67.66.242.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6676043D2F for ; Fri, 17 Sep 2004 15:45:00 +0000 (GMT) (envelope-from micheal@tsgincorporated.com) Received: from support.tsgincorporated.com (support.tsgincorporated.com [67.66.242.9])i8HFiQZ6053822; Fri, 17 Sep 2004 10:44:26 -0500 (CDT) (envelope-from micheal@tsgincorporated.com) Received: from micheal (micheal.tsgincorporated.com [67.66.242.77]) i8HFiQiR013281; Fri, 17 Sep 2004 10:44:26 -0500 (CDT) (envelope-from micheal@tsgincorporated.com) Message-ID: <06fd01c49ccd$36e91450$4df24243@tsgincorporated.com> From: "Micheal Patterson" To: "Norm Vilmer" References: <414A6E9C.4060708@etherealconsulting.com><020b01c49c76$e3d1ada0$0201a8c0@dredster> <414AF79C.4030809@etherealconsulting.com> <06af01c49cc5$b0b615b0$4df24243@tsgincorporated.com> <414B02FD.6020703@etherealconsulting.com> Date: Fri, 17 Sep 2004 10:44:26 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Scanned: by amavisd-new cc: freebsd-questions@freebsd.org Subject: Re: Too many dynamic rules, sorry X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Sep 2004 15:45:00 -0000 ----- Original Message ----- From: "Norm Vilmer" To: "Micheal Patterson" Cc: Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry > > I do have a check-state rule > > add 00200 check-state > > Norm Vilmer Ok. Then right above the check-state entry, place an allow ip from 123.123.123/24 to 123.123.123./24 Replace the ip's with the appropriate network/metric for your lan and that will allow lan traffic to go to itself unhindered by any stateful checks. -- Micheal Patterson TSG Network Administration 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.