From: Carmel
To: FreeBSD
Date: Sat, 22 Oct 2011 09:56:12 -0400
Subject: Configuring IPFW

I am attempting to set up a firewall using IPFW with a stateful
behavior. While I have investigated how to set up these rules, I have run into conflicting opinions as to whether to allow or deny "established" behavior.

EXAMPLE: (preceded by a "checkstate" rule)

    allow tcp from any to any established

Some documentation states that it should be denied and others say it should be allowed. Neither has given me a convincing reason to follow either scenario or any real documentation either for that fact.

If possible, could someone with some real firewall knowledge and familiarity with IPFW please give me some advice.

Thanks!

-- 
Carmel ✌
carmel_ny@hotmail.com
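
Added example, not part of the original message and not code from the IPFW project: a simplified Python model of first-match rule evaluation that runs the same three packets through a ruleset with the "allow ... established" rule and one with the "deny ... established" rule, each placed after check-state. The addresses, the `Pkt`, `flow` and `evaluate` names, and the deny-by-default final rule are assumptions of the model; real dynamic rules also track timeouts and TCP state, which the model leaves out.

```python
from collections import namedtuple

# Rule texts use ipfw(8) keywords; the matching logic is a simplified model.
CHECK = "check-state"
ALLOW_EST = "allow tcp from any to any established"
DENY_EST = "deny tcp from any to any established"
KEEP = "allow tcp from me to any setup keep-state"
ME = "192.0.2.10"  # constructed address standing in for "me"

Pkt = namedtuple("Pkt", "src sport dst dport flags")

def flow(p):
    # A dynamic rule matches both directions of the same connection.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

def evaluate(rules, packets):
    """First-match walk of the rules; returns one verdict per packet."""
    states, verdicts = set(), []
    for p in packets:
        est = bool(p.flags & {"ACK", "RST"})               # "established"
        syn_only = "SYN" in p.flags and "ACK" not in p.flags  # "setup"
        verdict = "deny (default)"  # assumes the default rule 65535 denies
        for r in rules:
            if r == CHECK and flow(p) in states:
                verdict = "allow (dynamic rule)"
            elif r == ALLOW_EST and est:
                verdict = "allow (static established)"
            elif r == DENY_EST and est:
                verdict = "deny (established, no state)"
            elif r == KEEP and p.src == ME and syn_only:
                states.add(flow(p))
                verdict = "allow (state created)"
            else:
                continue
            break
        verdicts.append(verdict)
    return verdicts

# Constructed packets: outbound SYN, its SYN+ACK reply, and a stray ACK.
PACKETS = [
    Pkt(ME, 40000, "198.51.100.5", 443, frozenset({"SYN"})),
    Pkt("198.51.100.5", 443, ME, 40000, frozenset({"SYN", "ACK"})),
    Pkt("203.0.113.9", 80, ME, 22, frozenset({"ACK"})),
]
WITH_ALLOW = evaluate([CHECK, ALLOW_EST, KEEP], PACKETS)
WITH_DENY = evaluate([CHECK, DENY_EST, KEEP], PACKETS)
```

The two result lists differ only for the third packet: an ACK that belongs to no tracked connection is passed by the static "allow ... established" rule and dropped by the "deny ... established" rule, while the tracked reply is accepted by check-state in both cases.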