Date: Sun, 23 Oct 2005 11:37:01 -0400 From: Chuck Swiger <cswiger@mac.com> To: John Do <pcbsdguy@yahoo.ca> Cc: freebsd-questions@freebsd.org Subject: Re: IPFW equivalent of iptables --state ESTABLISHED, RELATED Message-ID: <435BAE1D.8030305@mac.com> In-Reply-To: <20051023045343.27950.qmail@web35802.mail.mud.yahoo.com> References: <20051023045343.27950.qmail@web35802.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John Do wrote: > Hi guys > > I'm having trouble with IPFW I need to allow user > initiated traffic IN but I can't > > Basically in iptables for Linux I would have used > something like > -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j > ACCEPT > > > Can someone help me discover what the equivalent > syntax in IPFW would be? > > I have tried to use "allow tcp from any to any > established in" but it doesn't work "allow tcp from any to any established" ...as another poster said, however, this will allow data traffic not associated with legitimate connections in, too. If you want use stateful rules in IPFW, something like: check-state allow ip from me to any setup keep-state Take a look at /etc/rc.firewall for more detailed rules... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?435BAE1D.8030305>