Date: Sat, 22 Mar 2014 22:39:36 -0700 From: Julian Elischer <julian@freebsd.org> To: RW <rwmaillists@googlemail.com>, freebsd-security@freebsd.org, ipfw@FreeBSD.org Subject: Re: ipfw dynamic rules Message-ID: <532E7398.5090607@freebsd.org> In-Reply-To: <532E723C.2090109@freebsd.org> References: <51546.1395432085@server1.tristatelogic.com> <20140322182402.Q83569@sola.nimnet.asn.au> <201403221454.IAA22021@mail.lariat.net> <20140322151155.184d5229@gumby.homeunix.com> <532E723C.2090109@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
reposting with a useful subject line and more comments On 3/22/14, 10:33 PM, Julian Elischer wrote: > > in ipfw that's up to you.. > but I usually put the check-state quite early in my rule sets. > On 3/22/14, 1:34 AM, Ian Smith wrote: > Firstly, that's the one page in the handbook (that I know of) that needs > completely nuking. It contains many factual errors as well as weird > notions, and will only tend to mislead you; consult ipfw(8) and prosper. > I'd say refer to the examples in rc.firewall but it too is in disrepair. I am working on a new rc.firewall that is much more efficient. the trouble is that the script to make it do what I want is a bit more complicated. I'll put it out for discussion later. maybe tonight. as for the handbook pages.. after we see how the new firewall rules work we can see about rewriting the page.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?532E7398.5090607>