From owner-freebsd-ipfw@FreeBSD.ORG  Thu Aug 30 08:43:23 2007
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1661D16A417
	for <freebsd-ipfw@freebsd.org>; Thu, 30 Aug 2007 08:43:23 +0000 (UTC)
	(envelope-from vadimnuclight@tpu.ru)
Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102])
	by mx1.freebsd.org (Postfix) with ESMTP id B229B13C48A
	for <freebsd-ipfw@freebsd.org>; Thu, 30 Aug 2007 08:43:22 +0000 (UTC)
	(envelope-from vadimnuclight@tpu.ru)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by relay1.tpu.ru (Postfix) with ESMTP id C15D510539C
	for <freebsd-ipfw@freebsd.org>; Thu, 30 Aug 2007 15:10:14 +0700 (NOVST)
X-Virus-Scanned: amavisd-new at tpu.ru
Received: from relay1.tpu.ru ([127.0.0.1])
	by localhost (relay1.tpu.ru [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Awm-BAumBJON for <freebsd-ipfw@freebsd.org>;
	Thu, 30 Aug 2007 15:09:42 +0700 (NOVST)
Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3])
	by relay1.tpu.ru (Postfix) with ESMTP id 61B601053A2
	for <freebsd-ipfw@freebsd.org>; Thu, 30 Aug 2007 14:32:42 +0700 (NOVST)
Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with
	Microsoft SMTPSVC(6.0.3790.3959); Thu, 30 Aug 2007 14:32:42 +0700
Received: from nuclight.avtf.net ([83.172.2.134]) by mail.tpu.ru over TLS
	secured channel with Microsoft SMTPSVC(6.0.3790.3959); 
	Thu, 30 Aug 2007 14:32:42 +0700
Date: Thu, 30 Aug 2007 14:32:40 +0700
To: freebsd-ipfw@freebsd.org
References: <46D66176.9020300@auckland.ac.nz>
From: "Vadim Goncharov" <vadimnuclight@tpu.ru>
Organization: AVTF TPU Hostel
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <optxu28qxu4fjv08@nuclight.avtf.net>
In-Reply-To: <46D66176.9020300@auckland.ac.nz>
User-Agent: Opera M2/7.54 (Win32, build 3865)
X-OriginalArrivalTime: 30 Aug 2007 07:32:42.0082 (UTC)
	FILETIME=[F31A8C20:01C7EAD7]
Subject: Re: getting state to work properly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Aug 2007 08:43:23 -0000

30.08.07 @ 13:19 Russell Fulton wrote:

> If anyone wants to have a look at the rule set I'm happy to mail it to
> them but I don't want it appearing in a public mail archive ;)

You can simply replace all your IP addresses to strings like X.X.X.X,  
Y.Y.Y.Y, Z.Z.Z.0/24 etc., and then post it here. That's nothing  
interesting in ruleset without real addresses, IMHO. Without ruleset it's  
possible to give only the most general advices, like remembering packet  
flow (always in and out, two passes), check-state, rule ordering, and so  
on.

-- 
WBR, Vadim Goncharov