Date: Thu, 16 Aug 2001 17:57:30 -0500 From: "default - Subscriptions" <default013subscriptions@hotmail.com> To: <freebsd-questions@freebsd.org> Subject: Question about IPFW keep-state Message-ID: <OE34lpT5HaAIcQfjodS0000d737@hotmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I am considering using some keep-state rules in my firewall code, however I would like some clarification on what keep-state actually does... I read the man page on it and it says that this is a dynamic ruleset... which I don't quite understand either... it sounds as if it may be more complicated than it seems... Do the rulesets below work that simply? Or is there more to this that is not so easily understood? (such as a deeper ruleset for the basic dynamic rulesets to follow, modifications to IPFW, or NATD (which I don't use right now...) ex.: add allow udp from <myip> to any keep-state # Allow outgoing UDP and responses (mainly for DNS) allow icmp from <myip> to any keep-state # Allow outgoing ICMP and responses (traceroutes and pings...) Thanks, Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE34lpT5HaAIcQfjodS0000d737>