From owner-freebsd-questions  Fri Jun 14 12: 1:43 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from netserv1.urc.ac.ru (netserv1.urc.ac.ru [193.233.85.33])
	by hub.freebsd.org (Postfix) with ESMTP id 547C237B403
	for <questions@FreeBSD.ORG>; Fri, 14 Jun 2002 12:01:35 -0700 (PDT)
Received: (from uucp@localhost)
	by netserv1.urc.ac.ru (8.11.6/8.11.6) with UUCP id g5EJ1RC26777;
	Sat, 15 Jun 2002 01:01:27 +0600 (YEKST)
	(envelope-from ilia@academy.urc.ac.ru)
Received: from localhost (localhost [127.0.0.1])
	by sol.chel.skbkontur.ru (8.12.3/8.12.3) with ESMTP id g5EHIVIA046251
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Fri, 14 Jun 2002 23:18:35 +0600 (YEKST)
	(envelope-from ilia@academy.urc.ac.ru)
Date: Fri, 14 Jun 2002 23:18:31 +0600 (YEKST)
From: =?koi8-r?B?6czY0SD7ydDJw8nO?= <ilia@academy.urc.ac.ru>
X-X-Sender: ilia@sol.chel.skbkontur.ru
To: Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc: FBSDQ <questions@FreeBSD.ORG>
Subject: RE: ipfw: outgoing connections only
In-Reply-To: <MIEPLLIBMLEEABPDBIEGGELDCCAA.barbish@a1poweruser.com>
Message-ID: <20020614231408.D46238-100000@sol.chel.skbkontur.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

>
> # Allow the packet through if it has previous been added to the
> # the "dynamic" rules table by an allow keep-state statement.
> $cmd 00400 check-state
>
> # Run all private LAN xl0 packet traffic through the dynamic rules
> # table so the IP address are in sync with Natd. You would have one
> # rule like this for each Nic card you have for private lans.
> $cmd 00500 allow all from any to any via xl0 keep-state

for example, I "count" traffic by the following rule:

/sbin/ipfw add 12 count ip from any to me uid squid via tun1 in

upon which numbers shoud I "add" keep-state and check-state rules
in order to count bytes anyway ?

upon which number "dynamic" rules are created ?

Regards,
Ilia Chipitsine


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message