From owner-freebsd-doc Sun Feb 2 11:40:15 2003
Delivered-To: freebsd-doc@hub.freebsd.org
Message-Id: <20030202193155.B8CE710BF97@arthur.nitro.dk>
Date: Sun, 2 Feb 2003 20:31:55 +0100 (CET)
From: "Simon L.Nielsen" Reply-To: "Simon L.Nielsen" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: docs/47817: [patch] Error in ipfw manpage example Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 47817 >Category: docs >Synopsis: [patch] Error in ipfw manpage example >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Feb 02 11:40:10 PST 2003 >Closed-Date: >Last-Modified: >Originator: Simon L. Nielsen >Release: FreeBSD 4.7-STABLE i386 >Organization: >Environment: System: FreeBSD arthur.nitro.dk 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Jan 27 23:12:12 CET 2003 root@arthur.nitro.dk:/usr/obj/usr/src/sys/ARTHUR i386 >Description: The ipfw(8) manpage has an example of using ipfw for a stateful inspection firewall but the example does not work since it is missing the keep-state keyword to actually create the dynamic rules. >How-To-Repeat: >Fix: --- ipfw-man-keep-state.patch begins here --- Index: ipfw.8 =================================================================== RCS file: /home/mirror/freebsd/ncvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.119 diff -u -d -r1.119 ipfw.8 --- ipfw.8 12 Jan 2003 03:31:10 -0000 1.119 +++ ipfw.8 2 Feb 2003 19:01:52 -0000 @@ -1212,7 +1212,7 @@ will be allowed through the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow tcp from my-subnet to any setup" +.Dl "ipfw add allow tcp from my-subnet to any setup keep-state" .Dl "ipfw add deny tcp from any to any" .Pp A similar approach can be used for UDP, where an UDP packet coming 
@@ -1220,7 +1220,7 @@ the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow udp from my-subnet to any" +.Dl "ipfw add allow udp from my-subnet to any keep-state" .Dl "ipfw add deny udp from any to any" .Pp Dynamic rules expire after some time, which depends on the status --- ipfw-man-keep-state.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
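Review bot: The last context line of the first hunk (@@ -1212,7 +1212,7 @@) reads "an UDP packet coming"; since this change already touches the paragraph, it could be corrected to "a UDP packet" in the same commit. The changed line itself looks right: with "setup keep-state" the dynamic rule is created on the initial SYN from my-subnet, and "check-state" then passes the rest of the connection before "deny tcp from any to any" is reached. The example only works if the three rules are added in the order shown, so a short sentence saying so next to the example would help readers who assign their own rule numbers.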
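Review bot: In the second hunk (@@ -1220,7 +1220,7 @@) the UDP rule has no counterpart to the TCP rule's "setup" qualifier, so "allow udp from my-subnet to any keep-state" installs a dynamic rule for every new outbound UDP flow from my-subnet. The addition of keep-state is correct and needed, but the man page text around this example should say that state is created per flow and point to the paragraph that follows ("Dynamic rules expire after some time"), so readers understand that replies are only accepted until the dynamic rule expires and that "deny udp from any to any" drops them afterwards.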