Port ranges for IN gateway
Bitnetix
10-18-2008, 12:08 PM
We need to open up a large range of UDP ports to our appliance. I see no reference that says that the IN gateway accepts a port range. I know we could branch the class, customize the iptables script, and do it that way, but it would be so much easier to just modify the properties of the existing class.
Is this possible and we just missed it or do we need to customize it?
PeterNic
10-19-2008, 02:23 AM
Bitnetix,
IN is a pretty basic appliance. It supports a single protocol/port.
There are two simple options (besides branching and customizing the gateway):
- you can use IN's iface4_protocol set to 17 (UDP), and leave iface4_port = 0 (which will let ALL UDP ports in). Note that iface4 is different from iface1..3, specifically in order to allow more flexibility.
- you can use INSSL instead of IN; configure l7_protocol=none, l3_accept_proto=udp, l3_accept_port=M:N; and connect to its 'aux' output (you will essentially disable the L7 functions, incl. http/https and use only the L3 gateway function)
HTH,
-- Peter
Bitnetix
10-20-2008, 06:12 AM
The INSSL approach is probably the one we'll take. We don't want to open up too many ports.
Thanks!