Date: Thu, 30 Mar 2000 11:16:47 -0300 (GMT) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: batie@rdrop.com (Alan Batie) Cc: pccb@yahoo.com, freebsd-security@FreeBSD.ORG Subject: Re: FTP with firewall rules Message-ID: <200003301416.LAA04481@ns1.via-net-works.net.ar> In-Reply-To: <20000329095845.54716@rdrop.com> from Alan Batie at "Mar 29, 0 09:58:45 am"
next in thread | previous in thread | raw e-mail | index | archive | help
En un mensaje anterior, Alan Batie escribió: > On the other hand, it's not clear just what keep-state/check-state do > either; what is the difference between the example: > > ipfw add check-state > ipfw add deny tcp from any to any established > ipfw add allow tcp from my-net to any setup keep-state > > and > > ipfw add allow tcp from any to my-net established > ipfw add allow tcp from my-net to any This permits packets with ACK turned on, even if there wasn't a SYN before. The former doesn't. Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003301416.LAA04481>