From owner-freebsd-ipfw  Tue Jan 28 15: 1:41 2003
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 197C737B401
	for <freebsd-ipfw@freebsd.org>; Tue, 28 Jan 2003 15:01:40 -0800 (PST)
Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C99443F85
	for <freebsd-ipfw@freebsd.org>; Tue, 28 Jan 2003 15:01:39 -0800 (PST)
	(envelope-from simon@arthur.nitro.dk)
Received: by arthur.nitro.dk (Postfix, from userid 1000)
	id 9B89F10BF96; Wed, 29 Jan 2003 00:01:34 +0100 (CET)
Date: Wed, 29 Jan 2003 00:01:34 +0100
From: "Simon L. Nielsen" <simon@nitro.dk>
To: freebsd-ipfw@freebsd.org
Subject: Error in ipfw manpage for stateful rules?
Message-ID: <20030128230133.GF414@nitro.dk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="XvKFcGCOAo53UbWW"
Content-Disposition: inline
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG


--XvKFcGCOAo53UbWW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


Hello

The ipfw man page for stateful rules has two examples. Shouldn't the
allow rule have a keep-state keyword ?

So

ipfw add check-state
ipfw add allow tcp from my-subnet to any setup
ipfw add deny tcp from any to any

is changed to

ipfw add check-state
ipfw add allow tcp from my-subnet to any setup keep-state
ipfw add deny tcp from any to any

And similar for udp.

--=20
Simon L. Nielsen

--XvKFcGCOAo53UbWW
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+NwvN8kocFXgPTRwRAqpcAJ0XbhVx7IJWXYAsge7xc6yqLP6FMACfVzq3
H4tYwZNGHPX8Bi10eZMY8uw=
=+1wZ
-----END PGP SIGNATURE-----

--XvKFcGCOAo53UbWW--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message