From: Michael Sierchio
Date: Fri, 15 Feb 2002 10:14:38 -0800
To: "Earl A. Killian"
Cc: Chris Dillon, "Rogier R. Mulhuijzen", Luigi Rizzo, freebsd-ipfw@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: Bug in stateful code?

Earl A. Killian wrote:

> So then I'm asking how does anything ever get into that table, if
> incoming packets are all denied? Are SYN packets exempted from
> -deny_incoming?

No, SYN packets aren't exempted. Incoming packets that are associated
with a pre-existing connection (or attempt) originating from the inside
are permitted.

The other option is to set '-target_address', which would redirect such
incoming packets to a particular address.
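The lookup decision described in the reply above, as an added example that is not part of the original message and is not natd or libalias code. The class name `AliasModel`, the port numbering and all addresses are constructed for illustration; only the `deny_incoming` and `target_address` behaviours come from the message.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AliasModel:
    """Simplified model of the lookup decision; hypothetical, not libalias code."""
    alias_ip: str
    deny_incoming: bool = False
    target_address: Optional[str] = None
    links: dict = field(default_factory=dict)
    next_port: int = 40000  # constructed starting port for aliased sources

    def outbound(self, src, sport, dst, dport):
        """An inside host sends a packet: record the link, rewrite the source."""
        alias_port = self.next_port
        self.next_port += 1
        self.links[(dst, dport, alias_port)] = (src, sport)
        return (self.alias_ip, alias_port, dst, dport)

    def inbound(self, src, sport, dport, flags=""):
        """Packet from src:sport to alias_ip:dport. `flags` is never consulted:
        a SYN gets no exemption, only an existing link matters."""
        link = self.links.get((src, sport, dport))
        if link is not None:
            return ("translate", link)       # belongs to an inside-originated flow
        if self.deny_incoming:
            return ("drop", None)            # no table entry, so it is denied
        if self.target_address is not None:
            return ("redirect", (self.target_address, dport))
        return ("pass", (self.alias_ip, dport))

def demo():
    # Constructed addresses (RFC 5737 documentation and RFC 1918 ranges).
    nat = AliasModel("203.0.113.1", deny_incoming=True)
    _, aport, _, _ = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, aport, flags="SA")   # answer to our SYN
    stray = nat.inbound("198.51.100.99", 4444, 22, flags="S")    # unsolicited SYN
    nat2 = AliasModel("203.0.113.1", target_address="192.168.1.20")
    redirected = nat2.inbound("198.51.100.99", 4444, 22, flags="S")
    return reply, stray, redirected

if __name__ == "__main__":
    for result in demo():
        print(result)
```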