From owner-freebsd-questions Sun Jan 6 10:20:19 2002
From: "C J Michaels"
To: "Vincent Chen"
Cc: "FreeBSD Questions"
Subject: RE: stateful firewall rule
Date: Sun, 6 Jan 2002 13:20:33 -0500

Did you add the subsequent rule of:

    ipfw add allow tcp from my-net to any setup keep-state

When I was looking up information on stateful rules it was suggested to use:

    ipfw add allow tcp from my-net to any out keep-state

Hope this helps,
--Chris

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Vincent Chen
Sent: Wednesday, December 19, 2001 10:21 PM
To: FreeBSD maillist
Subject: stateful firewall rule

Dear all,

I just installed stateful rules in my FreeBSD as a firewall. I can telnet to hosts outside but the connection will abort shortly.
There are 2 lines in my rules which are suggested in the manual page.

    2000 check-state
    2001 deny log tcp from any to any established

According to the following log entry:

    /kernel: ipfw: 2001 Deny TCP me:1204 remote:23 out

I thought the firewall would recognize this session and keep it for me. Why does rule 2001 block my connection?

Thanks for your help,
Vincent Chen

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
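
An added example, not part of the original messages: a simplified Python model of ipfw first-match evaluation, showing how rules 2000 and 2001 from the question treat a TCP handshake with and without the `setup keep-state` rule from the reply. Rule number 2002, the sample packets, the default-deny rule 65535 and all function names are assumptions made for illustration; address matching such as `my-net` is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment

def flow_key(p):
    # A dynamic rule matches both directions of the flow.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def matches(kind, p, state):
    if kind == "check-state":
        return flow_key(p) in state
    if kind == "deny established":          # RST or ACK bit set
        return bool(p.flags & {"ACK", "RST"})
    if kind in ("allow setup", "allow setup keep-state"):  # SYN without ACK
        return "SYN" in p.flags and "ACK" not in p.flags
    raise ValueError(kind)

def evaluate(ruleset, packets):
    """Return (rule number, action) per packet; the first matching rule wins."""
    state, verdicts = set(), []
    for p in packets:
        verdict = (65535, "deny")  # assumed default-deny last rule
        for num, kind in ruleset:
            if matches(kind, p, state):
                if kind.endswith("keep-state"):
                    state.add(flow_key(p))  # install the dynamic rule
                verdict = (num, "deny" if kind.startswith("deny") else "allow")
                break
        verdicts.append(verdict)
    return verdicts

# Constructed telnet handshake: SYN out, SYN/ACK back, ACK out.
OUT, BACK = ("me", 1204, "remote", 23), ("remote", 23, "me", 1204)
PACKETS = [Packet(*OUT, frozenset({"SYN"})),
           Packet(*BACK, frozenset({"SYN", "ACK"})),
           Packet(*OUT, frozenset({"ACK"}))]
RULES_2000_2001 = [(2000, "check-state"), (2001, "deny established")]
STATELESS = RULES_2000_2001 + [(2002, "allow setup")]            # 2002 is hypothetical
STATEFUL = RULES_2000_2001 + [(2002, "allow setup keep-state")]  # 2002 is hypothetical

if __name__ == "__main__":
    print("without keep-state:", evaluate(STATELESS, PACKETS))
    print("with keep-state:   ", evaluate(STATEFUL, PACKETS))
```

In this model, a flow whose SYN was accepted by a rule without `keep-state` has no dynamic rule for 2000 to match, so every later segment reaches 2001 and is denied.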