Date: Wed, 15 Nov 2000 12:12:08 -0800 (PST)
From: Luigi Rizzo <rizzo@aciri.org>
To: eperrin@bigorbit.com (Elliott Perrin)
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Stateful rules
Message-ID: <200011152012.MAA00340@iguana.aciri.org>
In-Reply-To: <01cc01c04f26$f68bc300$0c01a8c0@bottleneck2000> from Elliott Perrin at "Nov 15, 2000 12:10:31 pm"

> Quick question about the keep-state and check-state options
> in ipfw. I have been playing with stateful inspection on a
> test box and was wondering why I am getting no counter
> values associated with the check-state rule on this machine.
> Loads of counter values on the keep-state rules but none on
> the check-state. So I was wondering if this is "normal" or

this is the intended behaviour -- a dynamic rule increments
the counters for the "parent" rule only.

> if there is something I am missing. The rules are as follows
> (this is not a live server, I just want to see stateful in
> action of some sort first on this test box)
>
> 100 check-state
> 200 allow tcp from any to any 80
> 300 allow tcp from any to any 25 keep-state
> 400 allow tcp from any to any 110 keep-state
> 500 allow tcp from any to any 119 keep-state
>
> The counters for 300 - 500 are increasing in a manner I
> would expect, but the counters for rule 100 stay the exact
> same, 0 and 0.
>
> I also noticed that when I had the rule
>
> 150 deny tcp from any to any established
>
> all connections to POP3 and SMTP are being denied, yet I

this sounds strange. no idea.

	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
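
The counter behaviour described in the reply above, as an added example that is not part of the original message and is not ipfw source code. It is a simplified model: the `Rule` class, `flow_key`, `run`, `thread_ruleset` and the sample addresses and packet sizes are all constructed for illustration; only rules 100-500 come from the thread.

```python
# Toy model (added example, not ipfw source): rule and packet shapes are assumptions.
from dataclasses import dataclass

@dataclass
class Rule:
    num: int
    action: str            # "check-state" or "allow"
    dport: int = 0         # destination port matched by an allow rule
    keep_state: bool = False
    pkts: int = 0
    octets: int = 0

def flow_key(src, sport, dst, dport):
    # Direction-independent key so reply packets hit the same dynamic entry.
    return frozenset([(src, sport), (dst, dport)])

def run(rules, packets):
    dynamic = {}           # flow key -> parent Rule that created the entry
    for src, sport, dst, dport, length in packets:
        key = flow_key(src, sport, dst, dport)
        for r in rules:
            if r.action == "check-state":
                parent = dynamic.get(key)
                if parent is None:
                    continue            # no state yet: fall through to next rule
                # Dynamic match: the parent keep-state rule gets the credit;
                # the check-state rule's own counters are never touched.
                parent.pkts += 1
                parent.octets += length
                break
            if r.action == "allow" and r.dport == dport:
                r.pkts += 1
                r.octets += length
                if r.keep_state:
                    dynamic[key] = r    # install a dynamic entry for this flow
                break
    return {r.num: (r.pkts, r.octets) for r in rules}

def thread_ruleset():
    # Rules 100-500 as listed in the quoted message.
    return [Rule(100, "check-state"), Rule(200, "allow", 80),
            Rule(300, "allow", 25, True), Rule(400, "allow", 110, True),
            Rule(500, "allow", 119, True)]

# Constructed sample traffic: one SMTP exchange (3 packets) and one HTTP packet.
SAMPLE = [("10.0.0.5", 40000, "10.0.0.1", 25, 60),
          ("10.0.0.1", 25, "10.0.0.5", 40000, 60),
          ("10.0.0.5", 40000, "10.0.0.1", 25, 52),
          ("10.0.0.5", 40001, "10.0.0.1", 80, 60)]

if __name__ == "__main__":
    for num, (p, b) in run(thread_ruleset(), SAMPLE).items():
        print(f"{num:05d} {p:6d} {b:6d}")
```

In this model the second and third SMTP packets are accepted at rule 100, yet the packet and byte totals appear on rule 300, which is the pattern the original poster observed.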