Date: Wed, 15 Nov 2000 12:10:31 -0500
From: "Elliott Perrin" <eperrin@bigorbit.com>
To: <freebsd-ipfw@freebsd.org>
Subject: Stateful rules
Message-ID: <01cc01c04f26$f68bc300$0c01a8c0@bottleneck2000>

Quick question about the keep-state and check-state options in ipfw.

I have been playing with stateful inspection on a test box and was wondering why I am getting no counter values associated with the check-state rule on this machine. Loads of counter values on the keep-state rules but none on the check-state. So I was wondering if this is "normal" or if there is something I am missing.

The rules are as follows (this is not a live server, I just want to see stateful in action of some sort first on this test box)

    100 check-state
    200 allow tcp from any to any 80
    300 allow tcp from any to any 25 keep-state
    400 allow tcp from any to any 110 keep-state
    500 allow tcp from any to any 119 keep-state

The counters for 300 - 500 are increasing in a manner I would expect, but the counters for rule 100 stay the exact same, 0 and 0.

I also noticed that when I had the rule

    150 deny tcp from any to any established

all connections to POP3 and SMTP are being denied, yet I thought that the check-state rule would allow this. I tried using setup in the same ruleset for the keep-state options and got the same result.

eperrin@bigorbit.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message