I was desiring to make some simple fw rules for a pppoe connection, so that a return channel is automatically opened for the rule.
@n.fort what changes do I need to make? The source address for pppoe is dynamic and keeps changing.
If you allow connections with state established or related, it will automatically allow responses to connections you have initiated.
That’s what he did with the following global policy:
## Accept established/related connections and drop invalid
set firewall global-options state-policy established action accept
set firewall global-options state-policy related action accept
set firewall global-options state-policy invalid action drop
You can also do it with rules like these:
rule 10 {
    action "accept"
    description "Allow established/related"
    state "established"
    state "related"
}
rule 20 {
    action "drop"
    description "Drop invalid packets"
    state "invalid"
}