From owner-freebsd-questions Thu Aug 16 15:57:35 2001
Delivered-To: freebsd-questions@freebsd.org
From: "default - Subscriptions"
Subject: Question about IPFW keep-state
Date: Thu, 16 Aug 2001 17:57:30 -0500

Hi,

I am considering using some keep-state rules in my firewall code, however I would like some clarification on what keep-state actually does... I read the man page on it and it says that this is a dynamic ruleset... which I don't quite understand either... it sounds as if it may be more complicated than it seems...

Do the rulesets below work that simply? Or is there more to this that is not so easily understood? (such as a deeper ruleset for the basic dynamic rulesets to follow, modifications to IPFW, or NATD (which I don't use right now...))

ex.:

    add allow udp from to any keep-state   # Allow outgoing UDP and responses (mainly for DNS)
    allow icmp from to any keep-state      # Allow outgoing ICMP and responses (traceroutes and pings...)

Thanks,
Jordan
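
Added example, not part of the original message and not ipfw's own code: a simplified Python model of the "dynamic rule" behaviour that ipfw(8) documents for keep-state, applied to the UDP rule quoted above. A packet matching the static rule creates a per-flow entry that admits traffic in both directions between the same two endpoints until it expires. The addresses, the 10-second lifetime and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class KeepStateModel:
    """Toy model of 'allow udp from <inside> to any keep-state' + default deny."""

    def __init__(self, inside, lifetime=10):
        self.inside = inside      # source address the static rule matches
        self.lifetime = lifetime  # seconds a dynamic rule lives (assumed value)
        self.dynamic = {}         # flow key -> expiry time

    @staticmethod
    def _key(p):
        # Sort the endpoints so both directions of a flow share one key.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (p.proto, min(a, b), max(a, b))

    def check(self, p, now):
        key = self._key(p)
        expiry = self.dynamic.get(key)
        if expiry is not None and now < expiry:
            self.dynamic[key] = now + self.lifetime  # traffic refreshes the rule
            return "allow (dynamic)"
        self.dynamic.pop(key, None)                  # drop an expired entry
        if p.proto == "udp" and p.src == self.inside:
            self.dynamic[key] = now + self.lifetime  # keep-state: remember flow
            return "allow (static, state created)"
        return "deny"

def demo():
    # Constructed sample traffic using documentation addresses.
    fw = KeepStateModel(inside="192.0.2.10")
    query = Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53)
    reply = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000)
    other = Packet("udp", "203.0.113.7", 53, "192.0.2.10", 40000)
    steps = [(reply, 0), (query, 1), (reply, 2), (other, 3), (reply, 20)]
    return [fw.check(p, t) for p, t in steps]

if __name__ == "__main__":
    print(demo())
```

The reply is denied before the query is sent, allowed once the query has created state, denied when it comes from a different host, and denied again after the entry has expired.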