Date: Mon, 10 Jul 2006 19:14:03 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Ensel Sharon <user@dhp.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Sanity-check for my (working) ipfw rules please...
Message-ID: <44B2DF3B.6010303@mac.com>
In-Reply-To: <Pine.LNX.4.21.0607101740470.12027-100000@shell.dhp.com>
References: <Pine.LNX.4.21.0607101740470.12027-100000@shell.dhp.com>

Ensel Sharon wrote:
[ ... ]
> Two questions: is it appropriate to have line 01000 above all of my
> bad-behavior lines ?

"established" means "ACK and not SYN", basically. Your "bad behavior" rules wouldn't really match anything which matches established, but it's probably better to block known-bad stuff earlier on.

However, it's not the same thing as stateful tracking, which you might want to consider using depending on what you're doing...

--
-Chuck
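
Added example, not part of the original message or of ipfw itself: a small Python model of the difference between a flag-only `established` match and stateful tracking. It assumes `established` as ipfw(8) documents it (RST or ACK bit set) and reduces dynamic rules to a set of recorded flows; the packet model, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: endpoints plus the set of TCP flags on the packet.
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def matches_established(pkt):
    """Stateless match: looks only at this packet's flags (RST or ACK set).
    Nothing here knows whether a connection was ever opened."""
    return bool({"ACK", "RST"} & pkt.flags)

class StateTable:
    """Simplified stand-in for keep-state / check-state dynamic rules.
    Real dynamic rules also track TCP state and expire on timers."""
    def __init__(self):
        self.flows = set()

    def keep_state(self, pkt):
        # Record the flow created by an allowed outbound connection attempt.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def check_state(self, pkt):
        # Match packets of a recorded flow in either direction.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return fwd in self.flows or rev in self.flows

def evaluate(packets, inside="192.0.2.10"):
    """For each inbound packet return (flags, stateless match, stateful match)."""
    table, results = StateTable(), []
    for p in packets:
        if p.src == inside:
            if p.flags == {"SYN"}:
                table.keep_state(p)      # outbound setup creates state
            continue
        results.append((sorted(p.flags),
                        matches_established(p),
                        table.check_state(p)))
    return results

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Pkt("192.0.2.10", 40000, "198.51.100.5", 443, {"SYN"}),         # outbound setup
    Pkt("198.51.100.5", 443, "192.0.2.10", 40000, {"SYN", "ACK"}),  # reply on that flow
    Pkt("203.0.113.9", 443, "192.0.2.10", 40001, {"ACK"}),          # ACK with no prior flow
    Pkt("203.0.113.9", 5555, "192.0.2.10", 22, {"SYN"}),            # inbound setup
]

if __name__ == "__main__":
    for flags, stateless, stateful in evaluate(SAMPLE):
        print(f"{'+'.join(flags):8} established={stateless!s:5} check-state={stateful}")
```

The third sample packet is the case that separates the two approaches: it matches the flag-only rule but belongs to no recorded flow.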