Date: Sat, 18 Sep 2004 21:02:08 -0700
From: "J.T. Davies" <jtd@hostthecoast.org>
To: <freebsd-ipfw@freebsd.org>
Subject: Dynamic rules & stats
Message-ID: <000c01c49dfd$7e556970$90e6d2d1@Jay>

Please someone smack me around and correct me if I'm mistaken.

I'm using 5.1 Release p13

I've got IPFW2 enabled. Stateless & stateful rules are working correctly. I'm trying to incorporate/"upgrade" to dynamic rulesets, but I'm confused.

I've got the following rules:

1000 check-state
2000 allow tcp from any 1024-65535 to mysvrIP 25,110 in via outsideinterface setup keep-state

Now, when I check mail from an outside client (mail transfer is successful), and then I do IPFW SHOW, the traffic counters for rule 2000 are ever increasing, but 1000 stays at 0. Every mail transfer (whether POP3 or SMTP) increments 2000, but never 1000.

Is this correct? I *thought* that this should work somewhat like the "setup" and the "established" methods of a stateful firewall configuration.

If I remark rule 1000...traffic still passes through.

Oh, I also do see dynamic rules being created/expired by running 'ipfw -d -e list'

Ideas? Currently, it seems the rules are working, but the "0" for rule 1000 bothers me. Should I be bothered?

Thanks all!

J.T.