Date: 26 Nov 2003 09:14:51 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: "Vahric MUHTARYAN" <vahric@doruk.net.tr> Cc: freebsd-questions@freebsd.org Subject: Re: About setup and established Questions and log tracking Program Message-ID: <448ym3kyhw.fsf@be-well.ilk.org> In-Reply-To: <002f01c3b33e$793c3900$110d3ad4@VAHOXP> References: <002f01c3b33e$793c3900$110d3ad4@VAHOXP>
next in thread | previous in thread | raw e-mail | index | archive | help
"Vahric MUHTARYAN" <vahric@doruk.net.tr> writes:
> # Allow TCP through if setup succeeded
> ${fwcmd} add pass tcp from any to any established
>
> # Allow setup of incoming email
> ${fwcmd} add pass tcp from any to ${ip} 25 setup
>
>
> I checked man page of ipfw ; setup matches packets have SYN bit or not
> ....
> Upper rule is accepting setuped connections that ok ( please correct if
> I wrong )
>
> Question is Why I need to set setup options on secound rule ...
> I mean I must to open 25 ( smtp port ) to all What is the setup option
> role ...
You're right; given the first rule, the "setup" qualifier on the
second is redundant. [I like to leave it in as a reminder to the
human reading the rules, though.]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?448ym3kyhw.fsf>