Delivered-To: freebsd-ipfw@freebsd.org
From: "Elliott Perrin"
Subject: Stateful rules
Date: Wed, 15 Nov 2000 12:10:31 -0500

Quick question about the keep-state and check-state options in ipfw.

I have been playing with stateful inspection on a test box and was wondering why I am getting no counter values associated with the check-state rule on this machine. Loads of counter values on the keep-state rules but none on the check-state. So I was wondering if this is "normal" or if there is something I am missing.

The rules are as follows (this is not a live server, I just want to see stateful in action of some sort first on this test box):

    100 check-state
    200 allow tcp from any to any 80
    300 allow tcp from any to any 25 keep-state
    400 allow tcp from any to any 110 keep-state
    500 allow tcp from any to any 119 keep-state

The counters for 300 - 500 are increasing in a manner I would expect, but the counters for rule 100 stay the exact same, 0 and 0.

I also noticed that when I had the rule

    150 deny tcp from any to any established

all connections to POP3 and SMTP are being denied, yet I thought that the check-state rule would allow this. I tried using setup in the same ruleset for the keep-state options and got the same result.
eperrin@bigorbit.com