Date:      Wed, 19 Mar 2008 13:43:45 -0700
From:      Freddie Cash <fjwcash@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Re: "established" on { tcp or udp } rules
Message-ID:  <200803191343.45516.fjwcash@gmail.com>
In-Reply-To: <200803191334.54510.fjwcash@gmail.com>
References:  <200803191334.54510.fjwcash@gmail.com>

On March 19, 2008 01:34 pm Freddie Cash wrote:
> Just curious if the following rule will work correctly.  It is accepted
> by the ipfw command.  In the process of working out a test for it, but
> thought I'd ask here as well, just to be sure.
>
> ipfw add { tcp or udp } from me     to any 53 out xmit fxp0
> ipfw add { tcp or udp } from any 53 to me     in  recv fxp0 established
>
> Will the UDP packets go through correctly, even though "established"
> has no meaning for UDP streams, and the ipfw command will barf if you
> use it with just "ipfw add udp" rules?

Hmm, from the looks of things, it doesn't work.  Even though it specifies 
both tcp and udp, the rule only matches tcp packets from an established 
connection.

Perhaps a warning or error should be given when you try to use TCP options 
on rules that aren't TCP-specific?

Or am I missing something here?

-- 
Freddie Cash
fjwcash@gmail.com
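
The behaviour reported above, modelled as an added example (not part of the original message and not ipfw's own code): every clause of a rule must match, and per ipfw(8) `established` matches only TCP packets with the RST or ACK bit set. The `Packet` and `Rule` classes, the sample packets and the split ruleset are assumptions made for illustration.

```python
# Simplified model of ipfw rule evaluation: all clauses of a rule must match.
# Per ipfw(8), "established" matches TCP packets with the RST or ACK bit set.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp" or "udp"
    src_port: int
    flags: frozenset = frozenset()   # TCP flags; always empty for UDP

@dataclass(frozen=True)
class Rule:
    protos: frozenset                # protocols named in the rule
    src_port: int
    established: bool = False

def established(pkt):
    # UDP carries no TCP flags, so this clause can never be true for it.
    return pkt.proto == "tcp" and bool(pkt.flags & {"ack", "rst"})

def matches(rule, pkt):
    if pkt.proto not in rule.protos or pkt.src_port != rule.src_port:
        return False
    return established(pkt) if rule.established else True

def first_match(rules, pkt):
    """Index of the first matching rule, or None if the packet falls through."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i
    return None

# Constructed sample packets: replies arriving from port 53.
UDP_REPLY = Packet("udp", 53)
TCP_SYNACK = Packet("tcp", 53, frozenset({"syn", "ack"}))
TCP_SYN = Packet("tcp", 53, frozenset({"syn"}))

# Inbound rule from the message: { tcp or udp } from any 53 to me ... established
COMBINED = [Rule(frozenset({"tcp", "udp"}), 53, established=True)]
# Assumed alternative: one rule per protocol, "established" only on the tcp rule.
SPLIT = [Rule(frozenset({"tcp"}), 53, established=True),
         Rule(frozenset({"udp"}), 53)]

def report(rules):
    samples = [("udp_reply", UDP_REPLY), ("tcp_synack", TCP_SYNACK), ("tcp_syn", TCP_SYN)]
    return {name: first_match(rules, pkt) for name, pkt in samples}
```

The stateless udp rule in the split set accepts any datagram with source port 53; ipfw's `keep-state` on the outbound rule is the stateful alternative.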


