Date: Sat, 12 Jan 2002 17:31:29 -0800
From: Gregory Sutter <gsutter@zer0.org>
To: stable@FreeBSD.ORG
Subject: Re: tcp keepalive and dynamic ipfw rules
Message-ID: <20020113013129.GC5234@klapaucius.zer0.org>
In-Reply-To: <15424.33362.685365.782853@caddis.yogotech.com>
References: <20020112123054.A20486@localhost> <B865C95B.911F%freebsd@damnhippie.dyndns.org> <15424.33362.685365.782853@caddis.yogotech.com>

On 2002-01-12 11:37 -0700, Nate Williams <nate@yogotech.com> wrote:
> > > I have setup a dynamic firewall for my personal computer with such rules
> > >
> > > ipfw add check-state
> > > ipfw add deny tcp from any to any established
>
> This rule doesn't do a heck of a lot, unless you have by default an
> 'open' setup.

A better idea may be to add the 'log' keyword to this rule, so you
can see if someone is passing packets with fake 'established' flags.
Then, of course, deny all other unknown packets later.

> # Allow me to make UDP connections
> ipfw add check-state
> ipfw add pass udp from me to any keep-state out

This check-state rule is superfluous, since the state will be checked
at the keep-state rule if no check-state rule is present.

Does anyone know of a place where one can look at a number of
firewall rulesets?  I'm working on improving mine and would like
to see the neat things people have come up with.

Greg
-- 
Gregory S. Sutter                 The process of scientific discovery
mailto:gsutter@zer0.org           is, in effect, a continual flight
http://www.zer0.org/~gsutter/     from wonder.  --Albert Einstein
hkp://wwwkeys.pgp.net/0x845DFEDD
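
Added example, not part of the original message: once the deny-established rule carries the 'log' keyword as suggested above, its hits can be summarized per source address. The rule number 200, the syslog line shape, the port-count threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed kernel log shape for a logged ipfw rule:
#   "... ipfw: <rule> <Action> <PROTO> <src>:<port> <dst>:<port> <in|out> via <if>"
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Jan 12 17:02:11 host /kernel: ipfw: 200 Deny TCP 192.0.2.10:4431 198.51.100.5:22 in via fxp0
Jan 12 17:02:12 host /kernel: ipfw: 200 Deny TCP 192.0.2.10:4432 198.51.100.5:23 in via fxp0
Jan 12 17:02:15 host /kernel: ipfw: 65000 Deny UDP 203.0.113.7:53 198.51.100.5:1025 in via fxp0
Jan 12 17:03:40 host /kernel: ipfw: 200 Deny TCP 203.0.113.7:80 198.51.100.5:1044 in via fxp0
Jan 12 17:03:41 host /kernel: ipfw: 200 Deny TCP 192.0.2.10:4433 198.51.100.5:25 in via fxp0
Jan 12 17:04:00 host sshd[411]: unrelated line
"""

def established_hits(log_text, rule=200):
    """Group hits on the logged deny-established rule by source address.

    `rule` is the number given to 'deny log tcp ... established'
    (200 is a hypothetical value for this example).
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["rule"]) != rule or m["action"] != "Deny":
            continue  # other rules and non-ipfw lines are ignored
        entry = hits.setdefault(m["src"], {"count": 0, "dports": set()})
        entry["count"] += 1
        entry["dports"].add(int(m["dport"]))
    return hits

def suspects(hits, min_ports=3):
    """Sources that hit several distinct ports with stateless 'established'
    packets; the threshold is an assumed heuristic, tune it per site."""
    return sorted(s for s, e in hits.items() if len(e["dports"]) >= min_ports)

if __name__ == "__main__":
    summary = established_hits(SAMPLE_LOG)
    for src, e in sorted(summary.items()):
        print(src, e["count"], sorted(e["dports"]))
    print("review:", suspects(summary))
```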