From: Paul Schmehl
To: FreeBSD questions
Date: Thu, 03 Mar 2005 13:38:38 -0600
Subject: Re: ipfw lost its mind?
In-Reply-To: <42275BF0.1060005@mac.com>
References: <302EDA302808644CF37C11E5@utd49554.utdallas.edu> <42275BF0.1060005@mac.com>

--On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger wrote:

>
> TCP connections are bidirectional, therefore you need to add rules which
> allow traffic from all back to your workstation, or else use keep-state
> and check-state to use dynamic rules....

The firewall script already had a rule for that:

    allow ip from {server} to any

The problem wasn't that the firewall was *stopping* legitimate packets. It was just *slowing them down* like crazy. Very weird.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu