Date:      Sat, 4 Oct 2003 18:02:10 +0200
From:      "Roderick van Domburg" <r.s.a.vandomburg@student.utwente.nl>
To:        <freebsd-ipfw@freebsd.org>
Subject:   When to use setup keyword?
Message-ID:  <006b01c38a90$dea3b420$6ba55982@gog>

Hello everyone,

I was pondering if blindly trailing every tcp rule with the 'setup' keyword
would incur any performance loss or security hazard.

I've got a server setup serving FTP, SSH, SMTP, DNS and HTTP. My rules in
question are the following:

allow tcp from any to {$ip} dst-port 21 setup
allow tcp from any to {$ip} dst-port 22 setup
allow tcp from any to {$ip} dst-port 25 setup
allow tcp from any to {$ip} dst-port 53 setup
allow tcp from any to {$ip} dst-port 80 setup

All services run just fine, but I was thinking that excluding 'setup' here
and there would make for a cleaner solution? For example, I don't think that
HTTP (even 1.1) requires the setup keyword, does it?

Regards,

Roderick


