Date: Sun, 2 Feb 2003 20:31:55 +0100 (CET) From: "Simon L.Nielsen" <simon@nitro.dk> To: FreeBSD-gnats-submit@FreeBSD.org Subject: docs/47817: [patch] Error in ipfw manpage example Message-ID: <20030202193155.B8CE710BF97@arthur.nitro.dk>
next in thread | raw e-mail | index | archive | help
>Number: 47817 >Category: docs >Synopsis: [patch] Error in ipfw manpage example >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Feb 02 11:40:10 PST 2003 >Closed-Date: >Last-Modified: >Originator: Simon L. Nielsen >Release: FreeBSD 4.7-STABLE i386 >Organization: >Environment: System: FreeBSD arthur.nitro.dk 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Jan 27 23:12:12 CET 2003 root@arthur.nitro.dk:/usr/obj/usr/src/sys/ARTHUR i386 >Description: The ipfw(8) manpage has an example of using ipfw for a stateful inspection firewall but the example does not work since it is missing the keep-state keyword to actually create the dynamic rules. >How-To-Repeat: >Fix: --- ipfw-man-keep-state.patch begins here --- Index: ipfw.8 =================================================================== RCS file: /home/mirror/freebsd/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.119 diff -u -d -r1.119 ipfw.8 --- ipfw.8 12 Jan 2003 03:31:10 -0000 1.119 +++ ipfw.8 2 Feb 2003 19:01:52 -0000 @@ -1212,7 +1212,7 @@ will be allowed through the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow tcp from my-subnet to any setup" +.Dl "ipfw add allow tcp from my-subnet to any setup keep-state" .Dl "ipfw add deny tcp from any to any" .Pp A similar approach can be used for UDP, where an UDP packet coming @@ -1220,7 +1220,7 @@ the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow udp from my-subnet to any" +.Dl "ipfw add allow udp from my-subnet to any keep-state" .Dl "ipfw add deny udp from any to any" .Pp Dynamic rules expire after some time, which depends on the status --- ipfw-man-keep-state.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030202193155.B8CE710BF97>