[EMAIL PROTECTED] wrote:

[snip]


You do have a rule for established connections?


Kevin Kinsey DaleCo S.P.




You know, the only rule I have for that is

add 60000 deny log tcp from any to any established

I am assuming this is incorrect?





Aye, there's the rub.  Last rule is usually
"deny ip from any to any"; somewhere above
that, but after the setup rules is "allow ip from
any to my.ip.add.ress established"* ... it does
no good to allow the setup packets but no
further data....

Kevin Kinsey
DaleCo S.P.

*instead of "allow ip" this could conceivably
be protocol specific, e.g. if you only have tcp
services available, "allow tcp from any to {me} established"
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
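
Added example, not part of the original thread: a small first-match model of ipfw for inbound TCP packets, showing why the ruleset with only `deny ... established` accepts the SYN but drops the rest of the connection, and how the `allow ... established` rule suggested above changes that. The `setup` rule, port 22, and rule numbers 1000, 2000 and 65000 are constructed; rule 60000 is the one quoted in the thread. The model checks only the TCP flags, not addresses or ports, and assumes rules are listed in numeric order.

```shell
#!/bin/sh
# Simplified model: "setup" matches SYN without ACK, "established" matches
# ACK or RST set, any other rule here matches everything. First match wins.

# Ruleset as described by the original poster (setup rule is constructed).
BROKEN='
add 1000 allow tcp from any to me 22 setup
add 60000 deny log tcp from any to any established
add 65000 deny ip from any to any
'

# Same ruleset with the established rule placed after the setup rule
# and before the final deny, as suggested in the reply.
FIXED='
add 1000 allow tcp from any to me 22 setup
add 2000 allow tcp from any to me established
add 65000 deny ip from any to any
'

# verdict RULESET FLAGS
# Prints "<rule number> <action>" for the first rule the packet matches.
# FLAGS is a comma-separated list of TCP flags, e.g. "syn" or "ack,psh".
verdict() {
    printf '%s\n' "$1" | awk -v flags="$2" '
        BEGIN { syn = (flags ~ /syn/); ack = (flags ~ /ack/); rst = (flags ~ /rst/) }
        $1 != "add" { next }
        {
            opt = $NF
            if (opt == "setup")            hit = (syn && !ack)
            else if (opt == "established") hit = (ack || rst)
            else                           hit = 1
            if (hit) { print $2, $3; exit }
        }'
}

# Walk one connection through each ruleset: the opening SYN, then a data packet.
for name in BROKEN FIXED; do
    eval "rules=\$$name"
    echo "$name: SYN -> $(verdict "$rules" syn); data -> $(verdict "$rules" ack,psh)"
done
```
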