From owner-freebsd-ipfw Tue Jul 27 10:34:16 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from WWW.GraphicExpress.Net (www.GraphicExpress.net [206.168.188.162]) by hub.freebsd.org (Postfix) with ESMTP id 6370A1522A for ; Tue, 27 Jul 1999 10:33:59 -0700 (PDT) (envelope-from staylor@graphicexpress.net)
Received: from graphicexpress.net (INTRIGUE.eotek.com [204.133.131.183]) by WWW.GraphicExpress.Net (8.9.3/8.9.2) with ESMTP id LAA09590 for ; Tue, 27 Jul 1999 11:33:58 -0600 (MDT)
Message-ID: <379DED83.70D4B4BE@graphicexpress.net>
Date: Tue, 27 Jul 1999 11:33:55 -0600
From: Scott Taylor
X-Mailer: Mozilla 4.61 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Subject: reflexive access lists?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

One of the rules that I have in the access lists on my cisco routers that I wish I could set up on my freebsd box are reflexive access lists. I'd love to be able to allow packets that are replies to requests from my machine to be automatically allowed without allowing such a blanket permission as allowing all tcp packets with the established flag set. Reflexive lists allow me to set up harsh firewall rules yet give processes on my machine transparent access to the outside world.

Here's a page by cisco describing setting up a reflexive list:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt3/screflex.htm
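The difference the post is asking about, modelled as an added example that is not part of the original message or of ipfw: a blanket "established" rule admits any inbound segment carrying ACK or RST, whereas a reflexive list admits an inbound packet only if an outbound packet from the protected host created a matching reverse entry. The addresses, ports and packet objects are constructed for the demonstration (TEST-NET ranges).

```python
"""Toy model of a reflexive ACL versus a blanket 'established' rule.

Constructed example; the 5-tuples below are invented test data.
Real implementations also expire entries on a timeout or on FIN/RST,
which this model leaves out for brevity.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


INSIDE = "192.0.2.10"  # constructed address of "my machine"


def established_rule(pkt: Packet) -> bool:
    """Blanket rule: admit any inbound TCP segment with ACK or RST set.
    The flag is chosen by the sender, so it proves nothing about an
    existing connection."""
    return pkt.dst == INSIDE and bool(pkt.flags & {"ACK", "RST"})


class ReflexiveAcl:
    """Outbound packets from INSIDE open a reverse entry (peer -> us);
    inbound packets pass only when such an entry exists."""

    def __init__(self) -> None:
        self.reverse: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet, inbound: bool) -> bool:
        if not inbound:
            if pkt.src != INSIDE:
                return False  # harsh policy: only our own traffic leaves
            self.reverse.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.reverse


def demo() -> dict:
    """Run one outbound request, a genuine reply and an unsolicited
    ACK segment through both policies; returns the four verdicts."""
    acl = ReflexiveAcl()
    out = Packet(INSIDE, 40000, "198.51.100.5", 80, frozenset({"SYN"}))
    reply = Packet("198.51.100.5", 80, INSIDE, 40000, frozenset({"SYN", "ACK"}))
    stray = Packet("203.0.113.7", 1234, INSIDE, 22, frozenset({"ACK"}))
    acl.filter(out, inbound=False)
    return {
        "reply_established": established_rule(reply),   # True
        "reply_reflexive": acl.filter(reply, inbound=True),  # True
        "stray_established": established_rule(stray),   # True: flag alone suffices
        "stray_reflexive": acl.filter(stray, inbound=True),  # False: no prior request
    }
```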