Re: Redirect of https does not work in this config
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Redirect of https does not work in this config
- From: Nick <nagray_(_at_)_austin_(_dot_)_rr_(_dot_)_com>
- Date: Thu, 18 Dec 2003 13:33:56 -0600
- Reply-to: nagray_(_at_)_austin_(_dot_)_rr_(_dot_)_com

I am finding it useful for learning. I am using it to rewrite the rules
that I have had since 2.9. After three or four attempts I am able to
come up with roughly the same rule.

Mostly I look at the rules it generates, and think "why did it come up
with that?" and a few were better than mine.

The one good thing about it (or maybe not) is that it has me thinking
about this internal traffic rule:

    block in quick inet from any to any
    block out quick inet from any to any

I normally have this below:

    block in quick on xl0 inet from any to any
    block out quick on xl0 inet from any to any

But I wonder if the former set isn't better (assuming I can get them to
work).

On Thu, 2003-12-18 at 00:39, Brian Keefer wrote:
> On Wed, 2003-12-17 at 20:54, Nick wrote:
> > Thanks for the quick replies. These rules were generated by fwbuilder.
> >
> > This tool (despite the segfaults every 10 minutes) looks promising if
> > you need to configure BSD/PIX/IpTables.
> >
>
> Off topic slightly, but I didn't find fwbuilder that useful. Perhaps
> for iptables it would be useful, since iptables has possibly the most
> bizarre syntax ever. For pf (and similar with PIX) I found it *much*
> faster to write the rules by hand.
>
> If you aren't opposed to buying a book, I found Absolute OpenBSD by
> Lucas, published by No Starch to have very good descriptions and
> examples of pf.
>
> Just my $0.02.
--
Nick (Nix) Gray
Senior Systems Engineer
Bruzenak Inc.
(512) 331-7998