Date: Thu, 22 Mar 2001 16:42:15 +0100 From: "Andre Goeree" <abgoeree@uwnet.nl> To: stable@freebsd.org Subject: ipfw stateful filtering Message-ID: <20010322164215.A20386@mandark.attica.home>
next in thread | raw e-mail | index | archive | help
Hello, I'm experimenting a little with stateful filtering. Somehow it doesn't work like i expect; output of "ipfw show": 00100 0 0 check-state 00200 2874 690508 allow ip from any to any via lo0 [snip address checking rules] 02100 0 0 deny tcp from any to any via tun* established 02200 890 308516 allow tcp from any 4000-5000 to any keep-state out xmit tun* setup [snip local network rules] ## Dynamic rules: 02200 889 308472 (T 0, # 176) ty 0 tcp, XXX.XXX.XXX.XXX 4025 <-> XXX.XXX.XXX.XXX 110 It appears that the check-state rule never matches.. Am i overlooking something? --Andre. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010322164215.A20386>