Date: Thu, 07 Jun 2001 16:06:30 -0400
From: Bill Moran <wmoran@iowna.com>
To: Josh Thomas <jdt2101@ksu.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW rules and outward connections
Message-ID: <3B1FDEC6.DD592573@iowna.com>
References: <Pine.GSO.4.21L.0106071358560.1095-100000@unix1.cc.ksu.edu>

Josh Thomas wrote:
>
> I am looking to set up a firewall to be closed to all incoming connections
> except for 20-22 (for ftp and ssh), and to allow all outward
> connections. However, I'm having trouble specifically keeping the
> dynamically assigned ports above 1024 for normal usage open. ie, http
> from other machines, ftp from other machines. Is there specifically a way
> to allow outgoing connections and then keep that port open for incoming
> connections for a short time? This seems to be somewhat the functionality
> of keep-state, however that does not appear to work. If anybody has any
> examples, I would appreciate them. Neither the freebsd handbook nor the
> ipfw manpage goes into enough detail as I needed. Please cc responses, as
> I am not on the freebsd-questions list.

A rule like:
allow ip from any to any established
would allow anything that was already initiated to continue. Then you
could restrict what was able to be initiated.

-Bill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B1FDEC6.DD592573>
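
An added example, not part of the original message and not ipfw code: a simplified Python model contrasting the stateless `established` match from the reply (in ipfw, a TCP packet with ACK or RST set) with the `keep-state` flow tracking the question mentions. The packet tuple, addresses, function names and sample traffic are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not ipfw source) of two ipfw matching styles.
from collections import namedtuple

Pkt = namedtuple("Pkt", "direction proto src sport dst dport flags")

HOST = "192.0.2.10"          # constructed address of the firewalled machine
OPEN_PORTS = range(20, 23)   # 20-22, the inbound services from the question


def established(pkt):
    """ipfw 'established': TCP with ACK or RST set; keeps no memory of flows."""
    return pkt.proto == "tcp" and bool({"ACK", "RST"} & set(pkt.flags))


def stateless_filter(packets):
    """allow established; allow out; allow TCP to 20-22; deny everything else."""
    return [established(p) or p.direction == "out"
            or (p.proto == "tcp" and p.dport in OPEN_PORTS) for p in packets]


def stateful_filter(packets):
    """check-state; allow out keep-state; allow TCP to 20-22 keep-state; deny."""
    flows, verdicts = set(), []
    for p in packets:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        known = key in flows or reverse in flows          # check-state hit
        may_start = (p.direction == "out"
                     or (p.proto == "tcp" and p.dport in OPEN_PORTS))
        if may_start and not known:
            flows.add(key)                                # keep-state records flow
        verdicts.append(known or may_start)
    return verdicts


# Constructed sample traffic, not captured data.
SAMPLE = [
    Pkt("out", "tcp", HOST, 40001, "198.51.100.5", 80, ("SYN",)),       # browse out
    Pkt("in", "tcp", "198.51.100.5", 80, HOST, 40001, ("SYN", "ACK")),  # its reply
    Pkt("in", "tcp", "203.0.113.9", 4444, HOST, 8080, ("ACK",)),        # unsolicited
    Pkt("out", "udp", HOST, 40002, "198.51.100.53", 53, ()),            # DNS query
    Pkt("in", "udp", "198.51.100.53", 53, HOST, 40002, ()),             # DNS answer
    Pkt("in", "tcp", "203.0.113.9", 5555, HOST, 22, ("SYN",)),          # ssh inbound
    Pkt("in", "tcp", "203.0.113.9", 5556, HOST, 8080, ("SYN",)),        # closed port
]
```

On this sample the stateless model admits the unsolicited ACK packet and drops the DNS answer, because flag matching covers neither case correctly; the stateful model drops the former and admits the latter.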