From owner-freebsd-ipfw@FreeBSD.ORG Mon Jan 16 20:09:46 2012 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F116E1065673 for ; Mon, 16 Jan 2012 20:09:46 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-tul01m020-f182.google.com (mail-tul01m020-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id C32DA8FC17 for ; Mon, 16 Jan 2012 20:09:46 +0000 (UTC) Received: by obcwo16 with SMTP id wo16so1979158obc.13 for ; Mon, 16 Jan 2012 12:09:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.182.52.66 with SMTP id r2mr12231462obo.56.1326742809007; Mon, 16 Jan 2012 11:40:09 -0800 (PST) Received: by 10.60.96.161 with HTTP; Mon, 16 Jan 2012 11:40:08 -0800 (PST) In-Reply-To: References: Date: Mon, 16 Jan 2012 11:40:08 -0800 Message-ID: From: Michael Sierchio To: Freddie Cash Content-Type: text/plain; charset=ISO-8859-1 Cc: vip 71541 , ipfw@freebsd.org Subject: Re: Problem with passive ftp in IPFW! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jan 2012 20:09:47 -0000 On Mon, Jan 16, 2012 at 11:05 AM, Freddie Cash wrote: > Personally, I don't use skipto rules, as I find them to just cause > confusion. ... skipto rules are essential in numerous instances, especially once you start using tableargs, or want to partition your ruleset based on incoming interface. > Personally, I also don't use stateful filter rules ... Perhaps not, but they're useful for outbound connections/dns queries/etc.