Date: Wed, 29 Jan 2003 19:25:14 -0700 (MST) From: Nick Rogness <nick@rogness.net> To: "Simon L. Nielsen" <simon@nitro.dk> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: Error in ipfw manpage for stateful rules? Message-ID: <20030129191619.E69407-100000@skywalker.rogness.net> In-Reply-To: <20030128230133.GF414@nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Jan 2003, Simon L. Nielsen wrote: > > Hello > > The ipfw man page for stateful rules has two examples. Shouldn't the > allow rule have a keep-state keyword ? > > So > > ipfw add check-state > ipfw add allow tcp from my-subnet to any setup > ipfw add deny tcp from any to any > > is changed to > > ipfw add check-state > ipfw add allow tcp from my-subnet to any setup keep-state > ipfw add deny tcp from any to any > > And similar for udp. I just verified that you are correct. I wasn't sure if setup implied keep-state or not (don't know why it would). I just typed it in and you definetly need the keep-state keyword with the rule. I did a quick search for this mentioned in the PR database and didn't find a match. Do a more thorough check and make sure someone has not already submitted a PR for this, then submit a PR. Or if not, I can. Nick Rogness <nick@rogness.net> - How many people here have telekenetic powers? Raise my hand. -Emo Philips To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030129191619.E69407-100000>