From: "Mihai Marie" <mmarie@lasting.ro>
To: freebsd-questions@freebsd.org
Date: Thu, 26 Feb 2004 10:12:08 +0200
Subject: stateful firewall

Hello,

I want to set up a firewall (on my LAN's gateway) so that the only traffic that passes through is the traffic initiated from my local network (we have public IPs). My firewall looks like this:

    ipfw add check-state
    ipfw add deny tcp from any to any established
    ipfw add allow tcp from $my_lan to any setup keep-state

The problems appear when I want to do some FTP traffic with a server that is outside (or any other traffic that tries to open a new, separate connection related to the one initiated from our LAN). With iptables (in Red Hat) you can do:

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

but I don't know how I can do something like this using ipfw or another firewall on FreeBSD.
Any help would be appreciated, Mihai Marie
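The following is an added simulation, not part of the mailing-list message, of how ipfw evaluates the three rules quoted in the question. It replays a constructed packet trace (TEST-NET addresses) through the rules in order and reports which rule decides each packet. It assumes ipfw's default auto-numbering (100, 200, 300) and a kernel built with the default-deny final rule 65535; dynamic-rule expiry and TCP state tracking are left out. The trace shows why the ruleset rejects an active-mode FTP data connection (the server opens it from its port 20 toward the client, which is a new inbound SYN that no dynamic rule covers), while a passive-mode data connection, being opened from the LAN, is accepted by the same `setup keep-state` rule as the control channel. It also shows that an unsolicited inbound ACK is stopped by the `established` rule and an unsolicited inbound SYN falls through to the default rule.

```python
"""Simulation of the ipfw ruleset from the question (added example, not the poster's code)."""
import ipaddress
from dataclasses import dataclass

# Stands in for $my_lan; constructed TEST-NET-1 range, not the poster's network.
LAN = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "RST", "FIN"}


class IpfwSim:
    """Evaluates the three rules in order; assumes a default-deny rule 65535 (assumption)."""

    def __init__(self):
        # Flows recorded by keep-state, stored in both directions so replies match.
        self.dynamic = set()

    @staticmethod
    def _key(p):
        return (p.src, p.sport, p.dst, p.dport)

    def filter(self, p):
        # rule 100: check-state -- a packet matching a dynamic rule is allowed immediately
        if self._key(p) in self.dynamic:
            return ("allow", 100)
        # rule 200: deny tcp from any to any established
        # 'established' matches any TCP segment with ACK or RST set
        if p.flags & {"ACK", "RST"}:
            return ("deny", 200)
        # rule 300: allow tcp from $my_lan to any setup keep-state
        # 'setup' matches SYN without ACK; keep-state records the flow for rule 100
        if ipaddress.ip_address(p.src) in LAN and p.flags == {"SYN"}:
            self.dynamic.add(self._key(p))
            self.dynamic.add((p.dst, p.dport, p.src, p.sport))
            return ("allow", 300)
        # nothing matched: the kernel's default rule decides (deny assumed)
        return ("deny", 65535)


def run_trace():
    """Replay a constructed FTP session plus two unsolicited inbound packets."""
    fw = IpfwSim()
    S = frozenset({"SYN"})
    SA = frozenset({"SYN", "ACK"})
    A = frozenset({"ACK"})
    client, server, stranger = "192.0.2.10", "198.51.100.21", "203.0.113.5"
    trace = [
        ("control SYN out", Packet(client, 40000, server, 21, S)),
        ("control SYN-ACK back", Packet(server, 21, client, 40000, SA)),
        ("control ACK out", Packet(client, 40000, server, 21, A)),
        # active mode: the server opens the data connection from its port 20
        ("active data SYN from server:20", Packet(server, 20, client, 40001, S)),
        # passive mode: the client opens the data connection to a server-chosen port
        ("passive data SYN out", Packet(client, 40002, server, 50123, S)),
        ("passive data SYN-ACK back", Packet(server, 50123, client, 40002, SA)),
        ("unsolicited ACK from outside", Packet(stranger, 1234, client, 22, A)),
        ("unsolicited SYN from outside", Packet(stranger, 1234, client, 22, S)),
    ]
    # Dict comprehension preserves list order, so state is built up as in a real session.
    return {label: fw.filter(p) for label, p in trace}


if __name__ == "__main__":
    for label, (action, rule) in run_trace().items():
        print(f"{label:32s} -> {action} (rule {rule})")
```

The one packet the ruleset drops that the poster wants accepted is the active-mode data SYN arriving from the server's port 20; everything the LAN initiates, including a passive-mode data connection, already fits rule 300, and the two unsolicited inbound packets are stopped by rule 200 and the default rule respectively.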