Date: Thu, 18 Mar 2004 17:58:42 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Tomi Kaistila <tomi.kaistila@datamike.org>
Cc: freebsd-net@freebsd.org
Subject: Re: Filtering established connection in ipfw
Message-ID: <20040318175650.O1495@odysseus.silby.com>
In-Reply-To: <20040318234957.WNT17548.fep17.inet.fi@zeus>
References: <20040318234957.WNT17548.fep17.inet.fi@zeus>

On Fri, 19 Mar 2004, Tomi Kaistila wrote:

> My question is, can I make a rule that allows such replies to pass the
> packet filter, but to drop if it is not such a reply or similar signal? I
> tried using the setup and established flags but either I did something wrong
> or it just didn't work out that way.
>
> --
> Tomi

What you want is a stateful firewall, aka dynamic firewall rules. Just use

ipfw add allow ip from yourip to any keep-state

And ipfw will do what you want. This is described in the ipfw manpage,
although it's perhaps not explained as well as it could be.

Mike "Silby" Silbersack
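
A small Python model of the dynamic-rule behaviour that keep-state provides, showing why replies pass while unsolicited inbound packets do not. It is an added example, not part of the original message and not ipfw's own code. The addresses, the lifetime value and the final deny rule are assumptions made for the illustration.

```python
from dataclasses import dataclass

MY_IP = "192.0.2.10"   # constructed stand-in for "yourip" in the rule above
LIFETIME = 20          # seconds; constructed value, not an ipfw default


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def flow_key(p):
    """Direction-independent key: a reply maps to the same entry as the request."""
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])


class StatefulFilter:
    """Models three rules: check-state, allow from MY_IP keep-state, deny all."""

    def __init__(self):
        self.dynamic = {}  # flow_key -> expiry time of the dynamic rule

    def filter(self, p, now):
        key = flow_key(p)
        # check-state: does a live dynamic rule already cover this flow?
        expiry = self.dynamic.get(key)
        if expiry is not None:
            if now < expiry:
                self.dynamic[key] = now + LIFETIME  # a match refreshes the lifetime
                return "allow"
            del self.dynamic[key]                   # expired entry is discarded
        # allow ip from MY_IP to any keep-state: install a dynamic rule for the flow
        if p.src == MY_IP:
            self.dynamic[key] = now + LIFETIME
            return "allow"
        # assumed final rule: deny everything else
        return "deny"
```
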