Date: Thu, 7 Jun 2001 14:03:44 -0500 (CDT)
From: Josh Thomas
To: freebsd-questions@freebsd.org
Subject: IPFW rules and outward connections

I am looking to set up a firewall to be closed to all incoming connections except for 20-22 (for ftp and ssh), and to allow all outward connections. However, I'm having trouble specifically keeping the dynamically assigned ports above 1024 for normal usage open, i.e., http from other machines, ftp from other machines. Is there specifically a way to allow outgoing connections and then keep that port open for incoming connections for a short time? This seems to be somewhat the functionality of keep-state, however that does not appear to work.

If anybody has any examples, I would appreciate them. Neither the freebsd handbook nor the ipfw manpage goes into enough detail as I needed.

Please cc responses, as I am not on the freebsd-questions list.

Thanks,
Josh Thomas
Student Systems Analyst
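One way to express the policy asked about above, as an added example that is not part of the original message: a stateful ipfw ruleset with `check-state` placed ahead of the `keep-state` rules, so replies to outbound traffic match the dynamic rules before the final deny. The rule numbers, the function names and the `load` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): stateful ipfw ruleset that
# accepts inbound TCP 20-22 only and allows all outbound traffic.
# Rule numbers and the "load" argument are choices made for this example.
#
#   100   loopback traffic is always allowed
#   200   check-state: packets belonging to an existing dynamic rule
#         (for example replies to outbound connections) are accepted here
#   300   new inbound TCP connections to ports 20-22 create state
#   400   new outbound TCP connections create state
#   500   outbound UDP creates state so the reply is accepted
#   600   outbound ICMP (ping) creates state
#   65000 everything else is logged and dropped
rules() {
    cat <<'EOF'
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to me 20-22 in setup keep-state
add 400 allow tcp from me to any out setup keep-state
add 500 allow udp from me to any out keep-state
add 600 allow icmp from me to any out keep-state
add 65000 deny log ip from any to any
EOF
}

# Replace the running ruleset with the one above (needs root on FreeBSD).
load_rules() {
    ipfw -q -f flush
    rules | while read -r rule; do
        # Intentionally unquoted: each line is split into ipfw arguments.
        ipfw -q $rule
    done
}

# Nothing is changed unless the script is called with "load".
if [ "${1:-}" = "load" ]; then
    load_rules
fi
```

Active-mode FTP from this host to outside servers is not covered by the dynamic rules, because the server opens the data connection back from port 20 to a high port; passive mode works with this ruleset.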