Date: 08 Dec 2001 23:41:29 -0100
From: Harald Schmalzbauer <H@Schmalzbauer.de>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfw, keep-state and ssh
Message-ID: <1007858489.618.18.camel@adm01.belenus.com>
In-Reply-To: <20011208223731.GA28158@leviathan.inethouston.net>
References: <1007816782.618.0.camel@adm01.belenus.com> <20011208223731.GA28158@leviathan.inethouston.net>

On Sat, 2001-12-08 at 23:37, David W. Chapman Jr. wrote:
> On Sat, Dec 08, 2001 at 12:06:22PM -0100, Harald Schmalzbauer wrote:
> > Hello,
> >
> > today I set up a packet filter with ipfw. The last time I have used it
> > was long before 4.0 so keep-state is new to me (for IPFW, I know it in
> > IPFilter).
*snip*
> > pass? But then keep-state is useless for TCP.
>
> The problem is ipfw's states aren't really states, they are timers.
> SSH sends a keep-alive around every 10 mins, way past the default
> settings for the timer in ipfw.

REALLY?
Sorry for crying but this means I have to rewrite my rules again. But it
explains my errors. *argh*
Perhaps this should be clarified for those like me. The ones who are
overflying pages when they think they know the function :-(

To be precise, almost nothing works correctly. I've posted my rules
before, so if anyone is interested:
I removed the SA (Setup) from the rules, otherwise every connection dies
after timeout. But even if I allow TCP-ACK links to set state, suddenly,
I couldn't figure out when, the link dies. Even while typing. And that's
not nice.

OK, I'll rewrite it like "Doppelte Buchführung". The thing that comes in
has to go somewhere out ;-)

Thanks,

-Harry

>
> --
> David W. Chapman Jr.
> dwcjr@inethouston.net Raintree Network Services, Inc. <www.inethouston.net>
> dwcjr@freebsd.org FreeBSD Committer <www.FreeBSD.org>
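
Added example, not part of the message above and not ipfw code: a toy model of the timer behaviour described in the quoted reply, where a dynamic entry is only a countdown that each matching packet re-arms and only a SYN may create a new one. The class and function names, the sample flow, the timeline and the lifetime values (300 s, 900 s) are assumptions made for illustration.

```python
# Toy model of a timer-based dynamic rule table. Not ipfw source code.

class DynTable:
    def __init__(self, lifetime):
        self.lifetime = lifetime   # seconds an entry survives without a matching packet
        self.expiry = {}           # flow tuple -> absolute expiry time in seconds

    def packet(self, flow, now, syn=False):
        """Return True if the packet is passed, False if it falls through to deny."""
        exp = self.expiry.get(flow)
        if exp is not None and now <= exp:
            self.expiry[flow] = now + self.lifetime   # a match only re-arms the timer
            return True
        self.expiry.pop(flow, None)                   # timed out: the flow is forgotten
        if syn:                                       # "setup keep-state": only a SYN
            self.expiry[flow] = now + self.lifetime   # may create a new entry
            return True
        return False                                  # mid-stream packet, no entry left


def first_drop(lifetime, timestamps):
    """Replay one flow: SYN at timestamps[0], data or keep-alives afterwards.
    Returns the time of the first dropped packet, or None if all pass."""
    table = DynTable(lifetime)
    flow = ("192.0.2.10", 40000, "192.0.2.1", 22)     # constructed sample flow
    for i, t in enumerate(timestamps):
        if not table.packet(flow, t, syn=(i == 0)):
            return t
    return None


# Constructed timeline: login, some typing, then idle until a keep-alive at ~10 min.
IDLE_SSH = [0, 5, 20, 100, 700, 1300]

if __name__ == "__main__":
    print(first_drop(300, IDLE_SSH))    # lifetime shorter than the idle gap
    print(first_drop(900, IDLE_SSH))    # lifetime longer than the idle gap
```

The session survives only while the entry lifetime is at least as long as the longest quiet gap on the flow; once the entry expires, the next mid-stream packet has nothing to match.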