Hello,

I have DLF-1600 firewall working in transparent mode, all stateful
connections are working brilliant, however for passive fingerprinting
purposes I need to bypass stateful engine and forward packet straight
to linux box. There is FwdFast rule, but it triggers only on incoming
traffic, not outcoming. I've tried to make it together with SAT rule
but no success. I've got two rules to accomplish it:

SMTP_in FwdFast any all-nets any IP_SMTP smtp
SMTP_out FwdFast any IP_SMTP any all-nets smtp

And only first one is trigerred, although IP_STMP responses correctly,
tcpdump from IP_SMTP
IP 190.44.192.17.45558 > 213.15.35.135.25: F 815:815(0) ack 293 win
65243
IP 213.15.35.135.25 > 190.44.192.17.45558: . ack 816 win 6850

Could you please help me with this issue?

Best Regards,
Tomasz

tom wrote:

> I have DLF-1600 firewall [...]

> Could you please help me with this issue?

Did you contact the support from the vendor?
BTW: which firmware are you running ..., and well a slight hint might be
that Clavister introduced the pcap command in version 8.90 of their
firewall core, which was released about 2-3 months ago.

;-)

I'd try 'help pcap' on the console.

Wolfgang