Date: Wed, 16 Jul 2008 16:13:49 -0400
From: "Mike Ragusa" <mragusa@gmail.com>
To: freebsd-ipfw@FreeBSD.org
Subject: ipfw and dynamic rulesets
Message-ID: <523561090807161313l17d01288g29b4c7545d10d0d0@mail.gmail.com>
I am using fwknop 1.9.5 and FreeBSD 7-stable with ipfw compiled into the kernel. I am currently unable to get ipfw to update the dynamic rulesets after I knock on the firewall and open up the ssh port. My ruleset is as follows:

    ipfw add 010 allow from any to any via lo0
    ipfw add 200 check-state
    ipfw add 203 allow all from any to any out keep-state setup

    00010 allow ip from any to any via lo0
    00200 check-state
    00203 allow ip from any to any out setup keep-state
    65535 deny ip from any to any

fwknop uses rule 201 to add to the firewall and adds the rule

    00201 allow tcp from 156.132.40.212 to any dst-port 22 keep-state

When I run ipfw list or ipfw show, I see my ruleset but I do not see the dynamic rules, which causes the connection to die once the fwknopd reaches its 30 second timeout because nothing has been added to the state table/dynamic ruleset.

Suggestions are welcome :)

Thank You,
Mike