IPFW equivalent of iptables --state ESTABLISHED, RELATED

2005-10-22 Thread John Do
Hi guys

I'm having trouble with IPFW. I need to allow user
initiated traffic IN but I can't

Basically in iptables for Linux I would have used
something like
-A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT


Can someone help me discover what the equivalent
syntax in IPFW would be?

I have tried to use "allow tcp from any to any
established in" but it doesn't work 

much appreciated

thanks guys !






___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED

2005-10-23 Thread Eric F Crist

On Oct 22, 2005, at 11:53 PM, John Do wrote:


> Hi guys
>
> I'm having trouble with IPFW. I need to allow user
> initiated traffic IN but I can't
>
> Basically in iptables for Linux I would have used
> something like
> -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT
>
> Can someone help me discover what the equivalent
> syntax in IPFW would be?
>
> I have tried to use "allow tcp from any to any
> established in" but it doesn't work
>
> much appreciated
>
> thanks guys !


I'm not quite sure what you're trying to accomplish.  If you just  
want traffic enabled so that when users are browsing the web they get  
the replies from their requests, that rule is written as:


ipfw add ### allow ip from any to any established

The rule won't allow new traffic in or out without other rules  
enabling it.  An example ruleset could look like this:


ipfw add 100 allow ip from me to any
ipfw add 200 allow ip from 192.168.1.0/24 to any out via dc0
ipfw add 300 allow ip from any to any established
ipfw add 400 deny ip from 192.168.1.0/24 to me in via dc0
ipfw add 500 allow ip from any to any via sk0

In this example, I'm assuming your FreeBSD machine is the network  
gateway.  NIC dc0 is the outside NIC and sk0 is the internal one.


HTH
___
Eric F Crist  "I am so smart, S.M.R.T!"
Secure Computing Networks  -Homer J Simpson



Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED

2005-10-23 Thread Chuck Swiger

John Do wrote:


> Hi guys
>
> I'm having trouble with IPFW. I need to allow user
> initiated traffic IN but I can't
>
> Basically in iptables for Linux I would have used
> something like
> -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT
>
> Can someone help me discover what the equivalent
> syntax in IPFW would be?
>
> I have tried to use "allow tcp from any to any
> established in" but it doesn't work


"allow tcp from any to any established"

...as another poster said, however, this will allow data traffic not associated
with legitimate connections in, too.  If you want to use stateful rules in IPFW,
something like:


check-state
allow ip from me to any setup keep-state

Take a look at /etc/rc.firewall for more detailed rules...

--
-Chuck

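
Added example (not part of any post in this thread): a small Python model of the difference the replies describe, comparing the stateless "established" match (TCP ACK or RST bit set) with "check-state" plus "setup keep-state". The addresses, ports and packet list are constructed, and the model ignores state timeouts and non-TCP traffic.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits
ME = "203.0.113.10"                # constructed address standing in for "me"

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def stateless(pkts):
    """allow tcp from me to any; allow tcp from any to any established; deny."""
    # "established" only inspects the header: ACK or RST set. No table lookup.
    return [p.src == ME or bool(p.flags & (ACK | RST)) for p in pkts]

def stateful(pkts):
    """check-state; allow tcp from me to any setup keep-state; deny."""
    dynamic = set()   # simplified dynamic-rule table, keyed by both endpoints
    verdicts = []
    for p in pkts:
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in dynamic:                                   # check-state
            verdicts.append(True)
        elif p.src == ME and p.flags & SYN and not p.flags & ACK:
            dynamic.add(key)                                 # setup keep-state
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts

# Constructed sample traffic.
SAMPLE = [
    Pkt(ME, 40000, "198.51.100.5", 80, SYN),        # outbound connection attempt
    Pkt("198.51.100.5", 80, ME, 40000, SYN | ACK),  # reply to that attempt
    Pkt(ME, 40000, "198.51.100.5", 80, ACK),        # handshake completes
    Pkt("192.0.2.66", 80, ME, 22, ACK),             # ACK with no prior connection
    Pkt("192.0.2.66", 5555, ME, 22, SYN),           # unsolicited inbound SYN
]

if __name__ == "__main__":
    for p, a, b in zip(SAMPLE, stateless(SAMPLE), stateful(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} flags={p.flags:#04x} "
              f"established={'allow' if a else 'deny'} "
              f"keep-state={'allow' if b else 'deny'}")
```

The fourth packet is the case Chuck's reply points at: it passes the "established" rule because its ACK bit is set, but the stateful ruleset drops it because no dynamic rule exists for that connection.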