From: Brent Bailey
Date: Thu, 6 Jun 2002 14:07:17 -0400 (EDT)
Subject: ipfw & advanced statefull rules help!!
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <25420.206.98.60.1.1023386837.squirrel@bmyster.com>

I'm using FBSD 4.5 release with IPFW & natd over my commercial DSL (no PPPoE). Everything runs great; however, I have noticed a lot of connection attempts to various UDP & TCP ports (non-services).

Is there a good howto on advanced stateful rules for IPFW and natd? I do have machines behind the BSD box, and I don't want to totally kill all access to the internet for them. However, I would like to block everything that isn't needed and/or initiated from the inside.

I've played with different examples of rules that others from this mailing list have presented, but all the rules I have tried kill all traffic to the internet from my internal network. There's got to be some happy medium.

Any help is greatly appreciated.

Thank you again for your help,
Brent