From owner-freebsd-ipfw Mon Jul 22 12:36:38 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37D2937B400; Mon, 22 Jul 2002 12:36:36 -0700 (PDT) Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4770443E31; Mon, 22 Jul 2002 12:36:35 -0700 (PDT) (envelope-from ticso@cicely5.cicely.de) Received: from cicely5.cicely.de (cicely5.cicely.de [IPv6:3ffe:400:8d0:301:200:92ff:fe9b:20e7]) (authenticated bits=0) by srv1.cosmo-project.de (8.12.3/8.12.3) with ESMTP id g6MJaT0i064382 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK); Mon, 22 Jul 2002 21:36:33 +0200 (CEST) (envelope-from ticso@cicely5.cicely.de) Received: from cicely5.cicely.de (localhost [IPv6:::1]) by cicely5.cicely.de (8.12.1/8.12.1) with ESMTP id g6MJaRFJ019530 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 22 Jul 2002 21:36:27 +0200 (CEST)?g (envelope-from ticso@cicely5.cicely.de) Received: (from ticso@localhost) by cicely5.cicely.de (8.12.1/8.12.1/Submit) id g6MJaRdY019529; Mon, 22 Jul 2002 21:36:27 +0200 (CEST)?g (envelope-from ticso) Date: Mon, 22 Jul 2002 21:36:27 +0200 From: Bernd Walter To: "Crist J. Clark" Cc: ticso@cicely.de, Didier Rwitura , ipfw@FreeBSD.ORG Subject: Re: disconection Message-ID: <20020722193626.GT83916@cicely5.cicely.de> Reply-To: ticso@cicely.de References: <200207181921.1340411.6@btsoftware.com> <005f01c22e83$e19188c0$b0120a0a@primustel.ca> <20020719085648.GI41699@cicely5.cicely.de> <20020722191319.GB51688@blossom.cjclark.org> <20020722193255.GS83916@cicely5.cicely.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020722193255.GS83916@cicely5.cicely.de> X-Operating-System: FreeBSD cicely5.cicely.de 5.0-CURRENT i386 User-Agent: Mutt/1.5.1i Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Jul 22, 2002 at 09:32:56PM +0200, Bernd Walter wrote: > On Mon, Jul 22, 2002 at 12:13:19PM -0700, Crist J. Clark wrote: > > On Fri, Jul 19, 2002 at 10:56:49AM +0200, Bernd Walter wrote: > > > On Thu, Jul 18, 2002 at 01:52:26PM -0400, Didier Rwitura wrote: > > > > Thanx martin and Thomas > > > > > > > > - the auto-off is off completely .. I guess the reason is mostly the > > > > firewall > > > > > > > > - to answer Thomas > > > > > > > > yeap i do > > > > here are my ipfw rules : > > > > > > > > #allow ssh > > > > add 00300 allow tcp from 216.254.136.110 to any ssh in setup keep-state > > > > > > > > add 00301 allow tcp from any to any out setup keep-state > > > > > > > > add 00302 allow tcp from any ssh to any out setup keep-state > > > > add 00304 allow tcp from any to any ssh in > > > > add 00305 allow tcp from any to any out setup keep-state > > > > > > add 299 check-states > > > > It's 'check-state,' and adding it would be completely redundant. > > Using keep-state without check-state is bogus. Sorry - you are right - it's done at the first keep-state automagicaly. But nevertheless I would strongly suggest adding a check-state to make the situation clear about what happens. -- B.Walter COSMO-Project http://www.cosmo-project.de ticso@cicely.de Usergroup info@cosmo-project.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message