From owner-freebsd-questions@freebsd.org Fri Nov 17 00:19:17 2017
From: Tim Daneliuk <tundra@tundraware.com>
To: javocado
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
Date: Thu, 16 Nov 2017 18:19:05 -0600
Message-ID: <700e9ff8-a808-43a2-490d-907900d32a82@tundraware.com>

On 11/16/2017 06:07 PM, javocado wrote:
>
> ... which I don't understand.  In fact, I think it is a bug, but I am
> asking to make sure.  It doesn't seem like specifying a port in the
> established rule makes any sense ...

I've never much thought about it, but perhaps the intention is to limit
enabling traffic to those connections that were originally created via a
port 22 rendezvous ... i.e. the rule would only apply to active ssh
connections.

Like I said, I am not certain of this, so it could well be bogus.

-- 
----------------------------------------------------------------------------
Tim Daneliuk                                      tundra@tundraware.com
PGP Key:                                  http://www.tundraware.com/PGP/
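The question in the thread is what a port qualifier on an `established` rule actually does. The model below is an added example, not code from the thread or from FreeBSD's ipfw source; it implements only the semantics documented in ipfw(8) (`established` matches TCP packets with the RST or ACK bit set, `setup` matches SYN set with ACK clear, and a port qualifier is just another match condition applied to the same packet) and evaluates a small first-match ruleset against constructed packets. The addresses, ports and the `Packet`/`Rule` types are assumptions made for the illustration.

```python
"""Model of IPFW first-match evaluation for rules like
    allow tcp from any to any 22 setup
    allow tcp from any to any 22 established
Modelled on ipfw(8) semantics; this is an illustration, not the kernel code.
"""
from dataclasses import dataclass
from typing import List, Optional

# TCP flag bits (same values as in <netinet/tcp.h>)
TH_SYN = 0x02
TH_RST = 0x04
TH_ACK = 0x10


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp" or "ip" (ip == any protocol)
    dport: Optional[int] = None  # None means "any"
    established: bool = False   # match TCP with RST or ACK set
    setup: bool = False         # match TCP with SYN set and ACK clear


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every qualifier on the rule must hold for the packet; the port and
    the flag test are independent conditions ANDed together."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established and not (pkt.flags & (TH_ACK | TH_RST)):
        return False
    if rule.setup and not (pkt.flags & TH_SYN and not pkt.flags & TH_ACK):
        return False
    return True


def first_match(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule. A ruleset normally ends
    in an explicit deny; fall back to deny here if nothing matched."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed ruleset: only new SSH connections and packets that look like
# part of an SSH connection are allowed; everything else is denied.
RULESET = [
    Rule("allow", "tcp", dport=22, setup=True),
    Rule("allow", "tcp", dport=22, established=True),
    Rule("deny", "ip"),
]

CLIENT, SERVER = "198.51.100.7", "192.0.2.1"   # documentation addresses


def classify_samples() -> dict:
    """Evaluate constructed packets against RULESET."""
    samples = {
        "ssh_syn": Packet("tcp", CLIENT, 40000, SERVER, 22, TH_SYN),
        "ssh_ack": Packet("tcp", CLIENT, 40000, SERVER, 22, TH_ACK),
        "http_ack": Packet("tcp", CLIENT, 40001, SERVER, 80, TH_ACK),
        "http_syn": Packet("tcp", CLIENT, 40001, SERVER, 80, TH_SYN),
        # A bare ACK to port 22 from a host that never completed a handshake:
        # `established` is stateless, so this still matches the second rule.
        "forged_ack_22": Packet("tcp", "203.0.113.9", 1, SERVER, 22, TH_ACK),
    }
    return {name: first_match(RULESET, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:14s} -> {verdict}")
```

The port does not tie the rule to connections that began with a port 22 SYN; it only narrows which packets the flag test is applied to, so an ACK to port 80 falls through to the deny while an ACK to port 22 is allowed. The last sample shows the usual caveat with `established`: it is a stateless flag check, so any packet with ACK set and the right port passes regardless of connection history; `keep-state`/`check-state` is the stateful alternative when that matters.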