Date: Sat, 12 Jan 2002 17:31:29 -0800
From: Gregory Sutter <gsutter@zer0.org>
To: stable@FreeBSD.ORG
Subject: Re: tcp keepalive and dynamic ipfw rules
Message-ID: <20020113013129.GC5234@klapaucius.zer0.org>
In-Reply-To: <15424.33362.685365.782853@caddis.yogotech.com>
References: <20020112123054.A20486@localhost> <B865C95B.911F%freebsd@damnhippie.dyndns.org> <15424.33362.685365.782853@caddis.yogotech.com>

On 2002-01-12 11:37 -0700, Nate Williams <nate@yogotech.com> wrote:
> > > I have setup a dynamic firewall for my personal computer with such rules
> > >
> > > ipfw add check-state
> > > ipfw add deny tcp from any to any established
> >
> This rule doesn't do a heck of a lot, unless you have by default an
> 'open' setup.

A better idea may be to add the 'log' keyword to this rule, so you can
see if someone is passing packets with fake 'established' flags. Then,
of course, deny all other unknown packets later.

> # Allow me to make UDP connections
> ipfw add check-state
> ipfw add pass udp from me to any keep-state out

This check-state rule is superfluous, since the state will be checked
at the keep-state rule if no check-state rule is present.

Does anyone know of a place where one can look at a number of firewall
rulesets? I'm working on improving mine and would like to see the neat
things people have come up with.

Greg
-- 
Gregory S. Sutter                 The process of scientific discovery
mailto:gsutter@zer0.org           is, in effect, a continual flight
http://www.zer0.org/~gsutter/     from wonder. --Albert Einstein
hkp://wwwkeys.pgp.net/0x845DFEDD
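
Added example, not part of the original message or of FreeBSD: a small Python check that applies the points raised above to an ipfw ruleset (a check-state directly in front of a keep-state rule, a deny on 'established' without 'log', and no explicit deny of everything else at the end). The names parse and lint, the finding strings and both sample rulesets are constructed for illustration.

```python
import shlex

# Constructed sample: the rules quoted in the message, in their original order.
SAMPLE = """\
ipfw add check-state
ipfw add deny tcp from any to any established
# Allow me to make UDP connections
ipfw add check-state
ipfw add pass udp from me to any keep-state out
"""

# Constructed: the same ruleset with the message's suggestions applied.
FIXED = """\
ipfw add check-state
ipfw add deny log tcp from any to any established
ipfw add pass udp from me to any keep-state out
ipfw add deny log ip from any to any
"""

def parse(text):
    """Return one token list per 'ipfw add' line, action first."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)   # drops '#' comments
        if tok[:2] != ["ipfw", "add"]:
            continue
        tok = tok[2:]
        if tok and tok[0].isdigit():             # optional explicit rule number
            tok = tok[1:]
        if tok:
            rules.append(tok)
    return rules

def lint(text):
    """Return (0-based rule position, finding) pairs for the ruleset."""
    rules, out = parse(text), []
    for i, r in enumerate(rules):
        nxt = rules[i + 1] if i + 1 < len(rules) else []
        # State is checked at the keep-state rule anyway, so a check-state
        # placed directly in front of it adds nothing.
        if r == ["check-state"] and "keep-state" in nxt:
            out.append((i, "redundant check-state"))
        if r[0] == "deny" and "established" in r and "log" not in r:
            out.append((i, "deny established without log"))
    last = rules[-1] if rules else []
    # Advisory: matters when the default rule is 'open'.
    if not (last[:1] == ["deny"] and last[-5:-4] in (["ip"], ["all"])
            and last[-4:] == ["from", "any", "to", "any"]):
        out.append((len(rules), "no final catch-all deny"))
    return out
```

The first check-state in the sample is not reported because the rule after it is the deny on 'established', so dynamic state has to be consulted before that rule is reached.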
