From: Fbsd1 <fbsd1@a1poweruser.com>
Date: Wed, 26 Nov 2008 21:40:27 +0800
To: freebsd-questions@freebsd.org
Subject: firewall rules for bitlord, yahoo, limewire

These applications have predefined ports they use to start up the bi-directional packet conversation. But then unsolicited packets come in from other PC nodes to share data using a wide range of high port numbers. IPFW, IPF, and PF don't seem to have a rule option to allow packets in/out based on the name of the program that started the conversation. I thought I read in the OpenBSD pf manual that pf state processing will allow applications like LimeWire to function normally by accepting the inbound high-number port to pass through the firewall.
I have an inclusive firewall rule set, which means only packets matching the rules are passed through. The inbound high port numbers are blocked by design. How do other firewall users code rules to allow LimeWire to work?
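As an added illustration (not part of the original post), here is a pf.conf fragment showing the usual shape of an inclusive ruleset that still lets a peer-to-peer client work: the state entry created by the outbound rule admits the reply packets whatever high port the remote peer uses, and unsolicited inbound connections are admitted only on the one port the client listens on. The external interface name (em0) and the listening port (6346, LimeWire's default Gnutella port, which is configurable in the client) are assumptions.

```pf
# Added example pf.conf fragment, not from the original post.
# Assumptions: external interface is em0; the P2P client listens on 6346.
ext_if   = "em0"
p2p_port = "6346"

set skip on lo0

# Inclusive policy: nothing passes unless a rule below allows it.
# Logging the drops lets you confirm later which high ports peers tried.
block log all

# Conversations started by local programs. The state entry created here
# matches the returning packets, so no separate "pass in" on high ports
# is needed for traffic this host initiated.
pass out on $ext_if proto { tcp udp } from ($ext_if) to any keep state

# Unsolicited inbound from other peers is confined to the client's
# listening port; every other high port stays blocked by the rule above.
pass in on $ext_if proto { tcp udp } from any to ($ext_if) port $p2p_port keep state
```

Running `pfctl -s state` while the client is active shows the entries that let the high-port replies through, and `pfctl -s rules -v` shows which rule each packet counted against.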