On Sun, 19 Sep 2004 06:45:28 -0700
Rob <[EMAIL PROTECTED]> wrote:

> Seems to work with everything else incl. ftp. What am I doing wrong?
> Thanks, Rob.
>
>
>
> block in log all
> pass out all
>
> pass out on lo all
> pass in on lo all
>
> pass out quick on bfe0 proto tcp/udp from any to any port > 1024

For a quick answer, replace the above line with:

pass out quick on bfe0 proto tcp/udp from any to any port > 1024 keep state

>
> pass in quick on bfe0 proto icmp all icmp-type 0
> pass in quick on bfe0 proto icmp all icmp-type 3
> pass in quick on bfe0 proto icmp all icmp-type 11
>
> block in on bfe0 proto tcp all flags S/SA
> block out on bfe0 proto tcp all flags SA/SA
>
> pass in quick on bfe0 proto tcp from any to any port = 22 flags S/SA keep state
> pass in quick on bfe0 proto tcp from any to any port = 25 flags S/SA keep state
>
>
> pass out on bfe0 proto tcp all keep state

I don't think this line makes tcp connections below stateful.
You must write down the "keep state" phrase on every tcp (and udp, icmp)
line you write.

>
> block return-rst in on bfe0 proto tcp from any to any port = 113
>
> pass in on bfe0 proto tcp/udp from any port = 53 to any
> pass in on bfe0 proto tcp/udp from any port = 67 to any
> pass out on bfe0 proto tcp/udp from any port = 68 to any
> pass in on bfe0 proto tcp from any port = 80 to any

Or, add the following line here:

pass in on bfe0 proto tcp from any port = 5999 to any

>

horio shoichi
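
The following is an added example, not part of the original thread: a small Python model of how the outbound rules quoted above decide a packet, showing which rule wins for an outgoing TCP SYN and whether that rule creates a state entry. The evaluator is a simplified assumption (last matching rule wins, `quick` stops evaluation, only the keywords used in this ruleset are parsed), and the source port 40000 is a constructed sample value.

```python
import re

# Outbound rules copied from the ruleset quoted in this thread.
RULES = """\
pass out all
pass out on lo all
pass out quick on bfe0 proto tcp/udp from any to any port > 1024
block out on bfe0 proto tcp all flags SA/SA
pass out on bfe0 proto tcp all keep state
pass out on bfe0 proto tcp/udp from any port = 68 to any
"""
# Same rules with the one-line change suggested in the reply.
FIXED = RULES.replace("port > 1024", "port > 1024 keep state")

def matches(rule, iface, proto, sport, dport, flags):
    """True if the packet matches the rule (simplified model, see lead-in)."""
    m = re.search(r"\bon (\S+)", rule)
    if m and m.group(1) != iface:
        return False
    m = re.search(r"\bproto (\S+)", rule)
    if m and proto not in m.group(1).split("/"):
        return False
    for side, port in (("from", sport), ("to", dport)):
        m = re.search(side + r" any port (=|>|<) (\d+)", rule)
        if m:
            n = int(m.group(2))
            if not {"=": port == n, ">": port > n, "<": port < n}[m.group(1)]:
                return False
    # "flags X/Y": of the flag bits listed in Y, exactly those in X are set.
    m = re.search(r"\bflags (\w+)/(\w+)", rule)
    if m and (set(flags) & set(m.group(2))) != set(m.group(1)):
        return False
    return True

def decide(rules, **pkt):
    """Return (deciding_rule, creates_state) for one outbound packet."""
    last = None
    for rule in rules.strip().splitlines():
        if matches(rule, **pkt):
            last = rule               # last match wins ...
            if " quick " in rule:     # ... unless the rule is "quick"
                break
    return last, bool(last) and last.startswith("pass") and "keep state" in last

if __name__ == "__main__":
    for name, rules in (("original", RULES), ("fixed", FIXED)):
        for dport in (80, 5999):
            syn = dict(iface="bfe0", proto="tcp", sport=40000, dport=dport, flags="S")
            print(name, dport, decide(rules, **syn))
```

In this model, a SYN to port 80 is decided by the `keep state` rule, while a SYN to port 5999 is decided by the `quick` rule for ports above 1024, which creates no state until `keep state` is added to it.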