From: Chuck Swiger
Organization: The Courts of Chaos
Date: Sun, 23 Oct 2005 11:37:01 -0400
To: John Do
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED
Message-ID: <435BAE1D.8030305@mac.com>
In-Reply-To: <20051023045343.27950.qmail@web35802.mail.mud.yahoo.com>

John Do wrote:
> Hi guys
>
> I'm having trouble with IPFW I need to allow user
> initiated traffic IN but I can't
>
> Basically in iptables for Linux I would have used
> something like
> -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT
>
> Can someone help me discover what the equivalent
> syntax in IPFW would be?
>
> I have tried to use "allow tcp from any to any
> established in" but it doesn't work

"allow tcp from any to any established"

...as another poster said, however, this will allow data traffic not associated
with legitimate connections in, too. If you want to use stateful rules in IPFW,
something like:

    check-state
    allow ip from me to any setup keep-state

Take a look at /etc/rc.firewall for more detailed rules...

-- 
-Chuck