Date:      Thu, 03 Mar 2005 13:48:16 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Paul Schmehl <pauls@utdallas.edu>
Cc:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   Re: ipfw lost its mind?
Message-ID:  <42275BF0.1060005@mac.com>
In-Reply-To: <302EDA302808644CF37C11E5@utd49554.utdallas.edu>
References:  <302EDA302808644CF37C11E5@utd49554.utdallas.edu>

Paul Schmehl wrote:
[ ... ]
> So, I removed rule 00001 and created a new one like this:
> ipfw add 00050 allow ip from {my workstation at work} to any.
> 
> I then ssh'd to my workstation and attempted to ssh back to the server.  
> No go.  Yet ipfw show shows an increased packet count on the counter for 
> that rule.  So, it's seeing the packets, but they're being delayed somehow.
> 
> Why the allow ip from any to any works, but allow ip from my workstation 
> to any doesn't is a complete mystery to me.

TCP connections are bidirectional, therefore you need to add rules which allow 
traffic from all back to your workstation, or else use keep-state and 
check-state to use dynamic rules....

-- 
-Chuck
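
Added example (not part of the original message or thread): the two fixes described in the reply above, written as an sh script around rule 00050 from the quoted text. The address 192.0.2.10, the rule numbers 00040 and 00051, and the dry-run `IPFW` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two ways to let replies flow back for rule 00050.
# WORKSTATION is a constructed placeholder (RFC 5737 documentation address).
WORKSTATION="${WORKSTATION:-192.0.2.10}"

# Dry run by default: the commands are printed, not executed.
# Run as root on the FreeBSD host with IPFW=ipfw to apply them.
IPFW="${IPFW:-echo ipfw}"

# Fix 1 (stateless): one static rule per direction.
# Rule 00050 alone only matches packets whose source is the workstation;
# the server's replies have the workstation as destination, so they fall
# through to later rules. Rule 00051 covers that return direction.
stateless_rules() {
    $IPFW add 00050 allow ip from "$WORKSTATION" to any
    $IPFW add 00051 allow ip from any to "$WORKSTATION"
}

# Fix 2 (stateful): keep-state makes the first matching packet install a
# dynamic rule for that flow; check-state, placed earlier, matches later
# packets of the flow in either direction against those dynamic rules.
stateful_rules() {
    $IPFW add 00040 check-state
    $IPFW add 00050 allow ip from "$WORKSTATION" to any keep-state
}

# Verification: -d lists dynamic rules along with the static ones, so an
# active SSH session from the workstation should appear as a dynamic entry.
show_dynamic() {
    $IPFW -d show
}

# Usage: sh script.sh stateless | stateful | show
case "${1:-}" in
    stateless) stateless_rules ;;
    stateful)  stateful_rules ;;
    show)      show_dynamic ;;
esac
```

The stateless pair admits any packet addressed to the workstation, whether or not it belongs to a session the workstation opened; the stateful pair only admits return traffic for flows that already matched rule 00050.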


