Date:      Thu, 16 Nov 2017 18:19:05 -0600
From:      Tim Daneliuk <tundra@tundraware.com>
To:        javocado <javocado@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW: Why can I add port numbers to established and what does that do ?
Message-ID:  <700e9ff8-a808-43a2-490d-907900d32a82@tundraware.com>
In-Reply-To: <CAP1HOmR4a59Z0_NT6g8N8u2r5zoa1f1YPEJCZmGysCtHY=hvdA@mail.gmail.com>
References:  <CAP1HOmQEKgocsejRHOMEfb-Ghzev%2BDuQiZ5OwYcQLktfu0xvDQ@mail.gmail.com> <d80d16dc-c01e-8224-e9a5-df2420390668@tundraware.com> <CAP1HOmR4a59Z0_NT6g8N8u2r5zoa1f1YPEJCZmGysCtHY=hvdA@mail.gmail.com>

On 11/16/2017 06:07 PM, javocado wrote:
> 
> 
> ... which I don't understand.  In fact, I think it is a bug, but I am asking to make sure.  It doesn't seem like specifying a port in the established rule makes any sense ...

I've never much thought about it, but perhaps the intention is
to limit enabling traffic to those connections that were originally
created via a port 22 rendezvous ... i.e., the rule would only apply
to active ssh connections.

Like I said, I am not certain of this, so it could well be bogus.

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
