Hi,

> I think I'll just change the filter rule generator to
unconditionally
> allow traffic between an interface's main subnet and the statically
> routed subnets defined for that same interface. Don't want another
> mostly useless and potentially very dangerous option that most users
> probably wouldn't be able to understand.

Ah - right - if there's a static route you don't need to check if
there's a firewall rule which belongs to it, because this rule would be
mostly useless anyway. Not only the traffic between the main subnet and
statically routed subnets, but also the traffic between any 2 statically
routed subnets with a gateway on the same subnet should be affected by
this problem.

Btw, is there a world-readable CVS repository of the code somewhere or
are the beta releases the only possibility to use new features?

cu
/gst