Date: Sat, 4 Oct 2003 18:02:10 +0200 From: "Roderick van Domburg" <r.s.a.vandomburg@student.utwente.nl> To: <freebsd-ipfw@freebsd.org> Subject: When to use setup keyword? Message-ID: <006b01c38a90$dea3b420$6ba55982@gog>
next in thread | raw e-mail | index | archive | help
Hello everyone, I was pondering if blindly trailing every tcp rule with the 'setup' keyword would incur any performance loss or security hazard. I've got a server setup serving FTP, SSH, SMTP, DNS and HTTP. My rules in question are the following: allow tcp from any to {$ip} dst-port 21 setup allow tcp from any to {$ip} dst-port 22 setup allow tcp from any to {$ip} dst-port 25 setup allow tcp from any to {$ip} dst-port 53 setup allow tcp from any to {$ip} dst-port 80 setup All services run just fine, but I was thinking that excluding 'setup' here and there would make for a cleaner solution? For example, I don't think that HTTP (even 1.1) requires the setup keyword does it? Regards, Roderick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006b01c38a90$dea3b420$6ba55982>