Date:      Thu, 12 Sep 2002 17:40:27 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: ipfw, natd, and keep-state - strange behavior?
Message-ID:  <40991368-C698-11D6-90D4-000A27D85A7E@mac.com>
In-Reply-To: <DA6132B6-C696-11D6-90D4-000A27D85A7E@mac.com>


On Thursday, September 12, 2002, at 05:30  PM, Chuck Swiger wrote:
> Ok.  Here are the equivalent static rules:
>
>    allow tcp from $INET to any 22 setup
>    allow tcp from any 22 to $INET established

Either remove the "setup" keyword, or add the "log" keyword to the first
line and add this rule as well:

	allow tcp from $INET to any 22 established

...depending on whether or not you want to log SSH connections.

-Chuck

Chuck Swiger | chuck@codefab.com | All your packets are belong to us.
-------------+-------------------+-----------------------------------
        "The human race's favorite method for being in control of the facts
         is to ignore them."  -Celia Green
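
Added example, not part of the original message: a small model of how ipfw's "setup" (SYN set, ACK clear) and "established" (ACK or RST set) options match the packets of one SSH session under the quoted rules and under each of the two suggested fixes. The value of $INET, the sample addresses and ports, and a default-deny last rule are assumptions; "log" is left out because it does not affect matching.

```python
# Added illustration: first-match evaluation of "allow tcp" rules, modelling
# only addresses, ports and the "setup"/"established" options.
from ipaddress import ip_address, ip_network

INET = ip_network("192.168.1.0/24")   # assumed value for $INET
ANY = ip_network("0.0.0.0/0")

def flags_match(opt, flags):
    if opt == "setup":                # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if opt == "established":          # ACK or RST set
        return "A" in flags or "R" in flags
    return True                       # rule carries no TCP option

def allowed(rules, pkt):
    """True if an allow rule matches; anything else hits an assumed default deny."""
    src, sport, dst, dport, flags = pkt
    for rsrc, rsport, rdst, rdport, opt in rules:
        if (ip_address(src) in rsrc and ip_address(dst) in rdst
                and rsport in (None, sport) and rdport in (None, dport)
                and flags_match(opt, flags)):
            return True
    return False

# (source net, source port, destination net, destination port, option)
OUT_SETUP = (INET, None, ANY, 22, "setup")
OUT_ANY = (INET, None, ANY, 22, None)
OUT_EST = (INET, None, ANY, 22, "established")
IN_EST = (ANY, 22, INET, None, "established")

QUOTED = [OUT_SETUP, IN_EST]               # the two rules quoted in the message
FIX_NO_SETUP = [OUT_ANY, IN_EST]           # fix 1: drop "setup"
FIX_EXTRA_RULE = [OUT_SETUP, OUT_EST, IN_EST]  # fix 2: add the established rule

C, S = "192.168.1.10", "203.0.113.5"       # constructed client and server
SESSION = [                                # constructed packet sequence
    ("SYN", (C, 40000, S, 22, "S")),
    ("SYN+ACK", (S, 22, C, 40000, "SA")),
    ("ACK", (C, 40000, S, 22, "A")),
    ("data", (C, 40000, S, 22, "PA")),
    ("reply", (S, 22, C, 40000, "PA")),
]

def blocked(rules):
    """Names of the session packets that no allow rule matches."""
    return [name for name, pkt in SESSION if not allowed(rules, pkt)]

if __name__ == "__main__":
    for label, rules in [("quoted", QUOTED), ("no setup", FIX_NO_SETUP),
                         ("extra rule", FIX_EXTRA_RULE)]:
        print(f"{label:10s} blocked: {blocked(rules)}")
```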

