Re: [m0n0wall] Possible bug: LAN redirection via static route

From:	=?ISO-8859-1?Q?Michael_=D8stergaard_Pedersen?= <michael at bytopia dot dk>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Possible bug: LAN redirection via static route
Date:	Wed, 19 May 2004 10:56:20 +0200 (CEST)

I have not received any feedback on the problems I have had and my
solution, so I will just post a quick question.

Since the problem is somehow related to states, would it be possible to
add an extra checkbox when you create a rule? Checking that box would mean
that this rule would match packets regardless of the state of the
connection they are related to.

Example:

Right now my default LAN -> all rule looks like this:

@2 pass in quick from 192.168.1.0/24 to any keep state group 100

But as described in my earlier posts this rule will not match a packet
from 192.168.1.0/24 in all cases.

The following rule, however, does exactly that:

@68 pass in quick on dc0 from 192.168.1.0/24 to any

On a side note: This rule instead of the above:

@68 pass in quick on dc0 from 192.168.1.0/24 to any group 100

does not work for some reason.

I don't know exactly how this should be done, but it would be very nice to
have a checkbox when you create a rule that would create rules of a kind
that would allow a packet no matter if it belongs to a known connection or
not. From what I have heard I am not the only one with this problem.

Regards,
Michael