Date: Fri, 15 Feb 2002 10:14:38 -0800 From: Michael Sierchio <kudzu@tenebras.com> To: "Earl A. Killian" <earl@killian.com> Cc: Chris Dillon <cdillon@wolves.k12.mo.us>, "Rogier R. Mulhuijzen" <drwilco@drwilco.net>, Luigi Rizzo <rizzo@icir.org>, freebsd-ipfw@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Bug in stateful code? Message-ID: <3C6D500E.50609@tenebras.com> References: <5.1.0.14.0.20020214221354.01c37da0@mail.drwilco.net> <Pine.BSF.4.32.0202151003240.92211-100000@mail.wolves.k12.mo.us> <15469.17124.999950.13271@sax.killian.com> <3C6D47D9.10003@tenebras.com> <15469.19149.677645.220962@sax.killian.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Earl A. Killian wrote: > So then I'm asking how does anything ever get into that table, if > incoming packets are all denied? Are SYN packets exempted from > -deny_incoming? No, SYN packets aren't exempted. Incoming packets that are associated with a pre-existing connection (or attempt) originating from the inside are permitted. The other option is to set '-target_address', which would redirect such incoming packets to a particular address. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C6D500E.50609>