Date:      Thu, 30 Jan 2003 09:13:39 -0500
From:      "JoeB" <barbish@a1poweruser.com>
To:        "Nick Rogness" <nick@rogness.net>, "Simon L. Nielsen" <simon@nitro.dk>
Cc:        <freebsd-ipfw@FreeBSD.ORG>
Subject:   RE: Error in ipfw manpage for stateful rules?
Message-ID:  <MIEPLLIBMLEEABPDBIEGKENKDEAA.barbish@a1poweruser.com>
In-Reply-To: <20030129191619.E69407-100000@skywalker.rogness.net>

That is not the only thing wrong with the example.
IPFW with NATD does not function with keep-state rules.
Just read the IPFW-list archives back through 1/2002 and you will
get a very clear picture of the problem.
Don't you think it's about time NATD gets fixed or you say
something in the examples about this problem?
Divorcing the built-in divert natd rule from IPFW and making the NAT
function a standalone function would be the simplest fix.



-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG
[mailto:owner-freebsd-ipfw@FreeBSD.ORG]On Behalf Of Nick Rogness
Sent: Wednesday, January 29, 2003 9:25 PM
To: Simon L. Nielsen
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Error in ipfw manpage for stateful rules?

On Wed, 29 Jan 2003, Simon L. Nielsen wrote:

>
> Hello
>
> The ipfw man page for stateful rules has two examples. Shouldn't the
> allow rule have a keep-state keyword?
>
> So
>
> ipfw add check-state
> ipfw add allow tcp from my-subnet to any setup
> ipfw add deny tcp from any to any
>
> is changed to
>
> ipfw add check-state
> ipfw add allow tcp from my-subnet to any setup keep-state
> ipfw add deny tcp from any to any
>
> And similar for udp.

        I just verified that you are correct.  I wasn't sure if setup
        implied keep-state or not (don't know why it would).  I just
        typed it in and you definitely need the keep-state keyword
        with the rule.

        I did a quick search for this mentioned in the PR database and
        didn't find a match.  Do a more thorough check and make sure
        someone has not already submitted a PR for this, then
        submit a PR.  Or if not, I can.


Nick Rogness <nick@rogness.net>
-
  How many people here have telekinetic powers? Raise my hand.
                                -Emo Philips



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
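
Added example, not part of the original thread and not ipfw code: a simplified Python model of first-match evaluation for the three-rule ruleset quoted above, showing why the `setup` rule needs `keep-state` for `check-state` to pass the rest of the connection. The 10.0.0.0/24 value for my-subnet, the addresses and the ports are constructed; state timeouts and TCP state tracking are not modelled.

```python
# Simplified model of ipfw first-match evaluation with dynamic rules.
# Addresses, ports and the subnet below are constructed sample values.
from ipaddress import ip_address, ip_network

MY_SUBNET = ip_network("10.0.0.0/24")  # assumption: stands in for "my-subnet"


def evaluate(keep_state, packets):
    """Return one verdict per packet for the ruleset from the thread.

    keep_state: whether the allow rule carries the keep-state keyword.
    packets: (src, sport, dst, dport, flags) tuples; flags is a set of names.
    """
    dynamic = set()  # flows installed by a matching keep-state rule
    verdicts = []
    for src, sport, dst, dport, flags in packets:
        # Dynamic rules match both directions, so the key ignores direction.
        flow = frozenset([(src, sport), (dst, dport)])
        # ipfw add check-state
        if flow in dynamic:
            verdicts.append("allow")
            continue
        # ipfw add allow tcp from my-subnet to any setup [keep-state]
        is_setup = "SYN" in flags and "ACK" not in flags
        if ip_address(src) in MY_SUBNET and is_setup:
            if keep_state:
                dynamic.add(flow)
            verdicts.append("allow")
            continue
        # ipfw add deny tcp from any to any
        verdicts.append("deny")
    return verdicts


# Constructed three-way handshake from an inside client to an outside server.
HANDSHAKE = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, {"SYN"}),
    ("192.0.2.10", 80, "10.0.0.5", 40000, {"SYN", "ACK"}),
    ("10.0.0.5", 40000, "192.0.2.10", 80, {"ACK"}),
]
# Constructed reply-shaped packet for a flow that was never opened from inside.
UNSOLICITED = [("192.0.2.10", 80, "10.0.0.5", 40001, {"SYN", "ACK"})]

if __name__ == "__main__":
    print("without keep-state:", evaluate(False, HANDSHAKE))
    print("with keep-state   :", evaluate(True, HANDSHAKE))
    print("unsolicited packet:", evaluate(True, UNSOLICITED))
```

In this model the ruleset without keep-state passes only the initial SYN, because nothing ever installs a dynamic rule for check-state to match.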

