Date: Wed, 29 Jan 2003 19:25:14 -0700 (MST)
From: Nick Rogness
To: "Simon L. Nielsen"
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Error in ipfw manpage for stateful rules?
In-Reply-To: <20030128230133.GF414@nitro.dk>
Message-ID: <20030129191619.E69407-100000@skywalker.rogness.net>

On Wed, 29 Jan 2003, Simon L. Nielsen wrote:

>
> Hello
>
> The ipfw man page for stateful rules has two examples. Shouldn't the
> allow rule have a keep-state keyword?
>
> So
>
>     ipfw add check-state
>     ipfw add allow tcp from my-subnet to any setup
>     ipfw add deny tcp from any to any
>
> is changed to
>
>     ipfw add check-state
>     ipfw add allow tcp from my-subnet to any setup keep-state
>     ipfw add deny tcp from any to any
>
> And similar for udp.

I just verified that you are correct. I wasn't sure if setup implied
keep-state or not (don't know why it would). I just typed it in and you
definitely need the keep-state keyword with the rule.

I did a quick search for this mentioned in the PR database and didn't
find a match. Do a more thorough check and make sure someone has not
already submitted a PR for this, then submit a PR. Or if not, I can.

Nick Rogness
- How many people here have telekinetic powers? Raise my hand.
  -Emo Philips
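
Added example (not part of the original message and not ipfw's own code): a simplified Python model of first-match rule evaluation with a dynamic state table, showing why the reply leg of a TCP handshake is denied when the setup rule lacks keep-state. The subnet, addresses and ports are constructed stand-ins for my-subnet, and the model assumes setup matches SYN without ACK and that keep-state creates a bidirectional dynamic rule.

```python
# Simplified model of ipfw first-match evaluation with dynamic rules.
# Not ipfw source code; addresses and ports are constructed sample values.
from ipaddress import ip_address, ip_network

MY_SUBNET = ip_network("192.0.2.0/24")   # assumed stand-in for "my-subnet"

def ruleset(keep_state):
    """The three TCP rules from the message, with or without keep-state."""
    return [
        {"action": "check-state"},
        {"action": "allow", "src": MY_SUBNET, "setup": True, "keep_state": keep_state},
        {"action": "deny"},
    ]

def flow_key(pkt):
    # Dynamic rules match both directions, so the key ignores endpoint order.
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])

def evaluate(rules, pkt, dynamic):
    """Return 'allow' or 'deny' for one TCP packet; 'dynamic' is the state table."""
    for rule in rules:
        if rule["action"] == "check-state":
            if flow_key(pkt) in dynamic:
                return dynamic[flow_key(pkt)]  # action of the rule that created the state
            continue
        if "src" in rule and ip_address(pkt["src"]) not in rule["src"]:
            continue
        # 'setup' is modelled as: SYN set, ACK not set
        if rule.get("setup") and pkt["flags"] != {"SYN"}:
            continue
        if rule.get("keep_state"):
            dynamic[flow_key(pkt)] = rule["action"]
        return rule["action"]
    return "deny"  # assumed default-deny if nothing matched

def handshake(keep_state):
    """Run a constructed three-way handshake plus one unsolicited inbound SYN."""
    rules, dynamic = ruleset(keep_state), {}
    inside, outside = ("192.0.2.10", 40000), ("198.51.100.10", 80)
    def pkt(a, b, flags):
        return {"src": a[0], "sport": a[1], "dst": b[0], "dport": b[1], "flags": set(flags)}
    packets = [pkt(inside, outside, ["SYN"]), pkt(outside, inside, ["SYN", "ACK"]),
               pkt(inside, outside, ["ACK"]), pkt(("198.51.100.99", 5555), inside, ["SYN"])]
    return [evaluate(rules, p, dynamic) for p in packets]

if __name__ == "__main__":
    print("man page example :", handshake(False))
    print("with keep-state  :", handshake(True))
```

The four verdicts are, in order: outbound SYN, inbound SYN+ACK reply, outbound ACK, and an unrelated inbound SYN from another host.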