From owner-freebsd-small  Mon Aug 20  6:44:14 2001
Delivered-To: freebsd-small@freebsd.org
Received: from mailout03.sul.t-online.de (mailout03.sul.t-online.com [194.25.134.81])
	by hub.freebsd.org (Postfix) with ESMTP id 3006E37B411
	for <freebsd-small@freebsd.org>; Mon, 20 Aug 2001 06:44:11 -0700 (PDT)
	(envelope-from rabat@web.de)
Received: from fwd02.sul.t-online.de 
	by mailout03.sul.t-online.de with smtp 
	id 15YpL8-0006c2-0F; Mon, 20 Aug 2001 15:43:38 +0200
Received: from spotteswoode.yi.org (520082050842-0001@[62.155.170.167]) by fmrl02.sul.t-online.com
	with smtp id 15YpL2-2E51dIC; Mon, 20 Aug 2001 15:43:32 +0200
Received: (qmail 1407 invoked by uid 0); 20 Aug 2001 13:43:54 -0000
Date: 20 Aug 2001 15:43:54 +0200
Message-ID: <20010820154354.O958@spotteswoode.yi.org>
From: "clemensF" <rabat@web.de>
Mail-Followup-To: "Albert Yang" <albert@achtung.com>,
	freebsd-small@freebsd.org
To: "Albert Yang" <albert@achtung.com>, freebsd-small@freebsd.org
Subject: Re: Stateful
References: <39B7A867.14388.FD8738@localhost> <Pine.BSF.4.21.0009071706020.48373-100000@sneakerz.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.21.0009071706020.48373-100000@sneakerz.org>; from missnglnk@sneakerz.org on Thu, Sep 07, 2000 at 05:09:27PM -0500
Organization: private
X-PGP-ID: 0x214190AF
X-Stamper-To: post@stamper.itconsult.co.uk
X-Sender: 520082050842-0001@t-dialin.net
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-small.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-small>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-small>
X-Loop: FreeBSD.ORG

> On Thu, 7 Sep 2000, Albert Yang wrote:
> 
> > Date: Thu, 7 Sep 2000 14:38:31 -0700
> > From: Albert Yang <albert@achtung.com>
> > To: freebsd-small@freebsd.org
> > Subject: Stateful
> 
> ipfw add check-state
> ipfw add allow ip from any to any in via internalN keep-state
> ipfw add allow ip from any to any out via internalN keep-state
> ipfw add allow ip from any to any out via externalN keep-state
> ipfw add deny ip from any to any

is this really all one has to do?  no tweaks with sysctl(1) or somesuch? 
are {in,ex}ternalN expanded by ipfw(1)?

regards,

clemens fischer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message