Date: Sun, 6 Jan 2002 13:20:33 -0500
From: "C J Michaels" <cjm2@earthling.net>
To: "Vincent Chen" <vctw@yahoo.com>
Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org>
Subject: RE: stateful firewall rule
Message-ID: <OGEFLCDDBCNNBEFGIFEFMEJJCAAA.cjm2@earthling.net>
In-Reply-To: <20011220032030.84382.qmail@web20006.mail.yahoo.com>

Did you add the subsequent rule of:

    ipfw add allow tcp from my-net to any setup keep-state

When I was looking up information on stateful rules it was suggested to use:

    ipfw add allow tcp from my-net to any out keep-state

Hope this helps,
--Chris

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Vincent Chen
Sent: Wednesday, December 19, 2001 10:21 PM
To: FreeBSD maillist
Subject: stateful firewall rule

Dear all,

I just installed stateful rules in my FreeBSD as a firewall. I can telnet to hosts outside but the connection will abort shortly. There are 2 lines in my rules which are suggested in the manual page.

    2000 check-state
    2001 deny log tcp from any to any established

According to the following log entry:

    /kernel: ipfw: 2001 Deny TCP me:1204 remote:23 out

I thought the firewall would recognize this session and keep it for me. Why does rule 2001 block my connection?

Thanks for your help,
Vincent Chen

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OGEFLCDDBCNNBEFGIFEFMEJJCAAA.cjm2>
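
Added example, not part of the original messages and not ipfw's own code: a simplified Python model of first-match rule evaluation that traces the session from the log through rules 2000 and 2001 and the suggested setup keep-state rule. The rule number 2002, the default deny at 65535 and the packet flags are assumptions made for the illustration.

```python
# Simplified model of ipfw first-match evaluation with dynamic rules.
# Illustration only, not ipfw's code. Rule 2002's number and the default
# deny at 65535 are assumptions; 2000 and 2001 are the rules quoted above.

RULES = [
    (2000, "check-state"),
    (2001, "deny-established"),        # deny log tcp from any to any established
    (2002, "allow-setup-keep-state"),  # allow tcp from my-net to any setup keep-state
]

def flow_key(pkt):
    # A dynamic rule matches both directions of one connection.
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])

def evaluate(rules, pkt, states):
    """Return (rule_number, action) of the first rule matching pkt."""
    flags = pkt["flags"]
    for num, kind in rules:
        if kind == "check-state" and flow_key(pkt) in states:
            return num, "allow"
        if kind == "deny-established" and ("A" in flags or "R" in flags):
            return num, "deny"  # "established" = ACK or RST set
        is_setup = "S" in flags and "A" not in flags  # "setup" = SYN without ACK
        if kind == "allow-setup-keep-state" and pkt["src"] == "me" and is_setup:
            states.add(flow_key(pkt))  # keep-state installs the dynamic rule
            return num, "allow"
    return 65535, "deny"

def trace(rules, packets, states=None):
    """Evaluate packets in order against one shared dynamic-state table."""
    states = set() if states is None else states
    return [evaluate(rules, p, states) for p in packets]

def packet(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

# Constructed packets for the telnet session in the log (me:1204 -> remote:23).
SYN_OUT = packet("me", 1204, "remote", 23, "S")
SYNACK_IN = packet("remote", 23, "me", 1204, "SA")
ACK_OUT = packet("me", 1204, "remote", 23, "A")

if __name__ == "__main__":
    # The SYN creates state at 2002; later packets stop at check-state (2000).
    print(trace(RULES, [SYN_OUT, SYNACK_IN, ACK_OUT]))
    # The same outbound ACK with no dynamic rule for its flow is denied by 2001.
    print(trace(RULES, [ACK_OUT]))
```

In this model the logged packet reaches rule 2001 only when no dynamic rule exists for its flow at the moment it is evaluated.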