Date:      Tue, 15 Oct 2002 20:44:32 +0200
From:      Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To:        "Maildrop" <maildrop@qwest.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FW: monitor ALL connections to ALL ports
Message-ID:  <20021015204432.22f7be8d.kzaraska@student.uci.agh.edu.pl>
In-Reply-To: <NGBBIILBAKIFGHHCHOHPEECLFKAA.maildrop@qwest.net>
References:  <20021015175714.6ecbd83a.kzaraska@student.uci.agh.edu.pl> <NGBBIILBAKIFGHHCHOHPEECLFKAA.maildrop@qwest.net>

On Tue, 15 Oct 2002 12:58:05 -0500
"Maildrop" <maildrop@qwest.net> wrote:

> 
> Yep, this is exactly what I am looking for.  All packets, is a bit heavy
> on my hard drive :P  This only works with tcp though, is there anything
> to watch udp packets (like the first packet from a host on a certain
> port?)  I know udp might be tougher, since it is stateless.

${fwcmd} add pass log udp from ${oip}:${omask} to any keep-state

This should handle outgoing UDP traffic. 

When a packet is matched, a dynamic rule matching packets that are part of
the connection (same protocol, IP, and port numbers in both directions) is
added into the ruleset. A dynamic rule has a limited lifetime and is
removed when it expires. See man ipfw for details, in particular the
information on check-state and keep-state.

-- 
// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//		-- Stanislaw Lem
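To make the keep-state behaviour described in the reply concrete, here is a small Python model of it. This is an added example, not code from the thread or from ipfw itself: it emulates what the quoted rule (pass log udp from the local net to any keep-state) does to a packet stream. The addresses, ports, arrival times and the 10-second lifetime are constructed; in real ipfw the dynamic-rule lifetime is governed by the net.inet.ip.fw.dyn_* sysctls, and the model only logs the packet that creates a dynamic entry (a simplification, not a statement about ipfw's own logging of dynamic-rule matches).

```python
"""Toy model of an ipfw 'pass log udp ... keep-state' rule (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    t: float  # arrival time in seconds (constructed clock)


class StatefulFilter:
    """Emulates one static keep-state rule plus the dynamic rules it spawns."""

    def __init__(self, local_prefix: str, lifetime: float = 10.0):
        self.local_prefix = local_prefix  # crude stand-in for ${oip}:${omask}
        self.lifetime = lifetime          # constructed; real value comes from dyn_* sysctls
        self.dynamic = {}                 # flow key -> expiry time
        self.log = []                     # what the 'log' keyword would emit

    @staticmethod
    def _key(p: Packet):
        # Same protocol, IPs and ports in both directions: sort the two
        # endpoints so a reply hashes to the entry its request created.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def _expire(self, now: float) -> None:
        # Dynamic rules have a limited lifetime and are removed when they expire.
        for k, exp in list(self.dynamic.items()):
            if exp <= now:
                del self.dynamic[k]

    def handle(self, p: Packet) -> str:
        self._expire(p.t)
        k = self._key(p)
        # check-state: an existing dynamic rule matches either direction.
        if k in self.dynamic:
            self.dynamic[k] = p.t + self.lifetime  # a matching packet refreshes the entry
            return "pass"
        # Static rule: pass log udp from ${oip}:${omask} to any keep-state
        if p.proto == "udp" and p.src.startswith(self.local_prefix):
            self.log.append(f"udp {p.src}:{p.sport} -> {p.dst}:{p.dport} t={p.t}")
            self.dynamic[k] = p.t + self.lifetime  # keep-state: create the dynamic rule
            return "pass"
        return "deny"  # nothing else in this toy ruleset, so default deny


def run_scenario():
    """Constructed packet stream exercising creation, reply matching, and expiry."""
    fw = StatefulFilter(local_prefix="192.0.2.")  # 192.0.2.0/24 is a documentation range
    inside, outside = "192.0.2.5", "198.51.100.1"
    stream = [
        Packet("udp", inside, 5353, outside, 53, t=0.0),    # outbound query: logged, state created
        Packet("udp", outside, 53, inside, 5353, t=0.5),    # reply: matches dynamic rule, not logged
        Packet("udp", inside, 5353, outside, 53, t=1.0),    # retransmit: matches, refreshes to t=11
        Packet("udp", "198.51.100.9", 53, inside, 5353, t=2.0),  # unsolicited inbound: no state, denied
        Packet("udp", outside, 53, inside, 5353, t=15.0),   # late reply after expiry: denied
        Packet("udp", inside, 5353, outside, 53, t=20.0),   # new query: logged again, new state
    ]
    verdicts = [fw.handle(p) for p in stream]
    return verdicts, fw.log


if __name__ == "__main__":
    verdicts, log = run_scenario()
    for v in verdicts:
        print(v)
    print("\n".join(log))
```

The point the model makes is the one the reply relies on: only the packet that creates the dynamic rule hits the static `log` rule, so a host's first UDP packet to a given destination port shows up once per flow lifetime, while the replies and retransmissions ride on the dynamic entry until it times out.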