Date: Thu, 11 Mar 2004 15:55:40 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: whizkid@ValueDJ.com
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW problems connecting to port 25!
Message-ID: <4050E05C.2010302@daleco.biz>
In-Reply-To: <27211.208.253.246.93.1079041583.squirrel@www.ValueDJ.com>
References: <23229.208.253.246.93.1079038697.squirrel@www.ValueDJ.com> <4050DB6B.1050207@daleco.biz> <27211.208.253.246.93.1079041583.squirrel@www.ValueDJ.com>
whizkid@ValueDJ.com wrote:

>[snip]
>
>>You do have a rule for established connections?
>>
>>Kevin Kinsey
>>DaleCo S.P.
>
>you know the only rule i have for that is
>
>add 60000 deny log tcp from any to any established
>
>I am assuming this is incorrect?

Aye, there's the rub. Last rule is usually "deny ip from any to any";
somewhere above that, but after the setup rules is
"allow ip from any to my.ip.add.ress established"* ...
it does no good to allow the setup packets but no further
data....

Kevin Kinsey
DaleCo S.P.

*instead of "allow ip" this could conceivably be protocol specific, e.g. if you
only have tcp services available, "allow tcp from any to {me} established"
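
Added example, not part of the original message: a toy Python model of ipfw's first-match evaluation, run over a constructed inbound SMTP connection, showing why the poster's rule 60000 drops every packet after the SYN and how an `established` allow rule placed above the final deny fixes it. Rule 60000 is taken from the post; the port-25 `setup` rule, the other rule numbers and the sample packets are assumptions.

```python
# Toy model of ipfw first-match evaluation for the TCP options in this thread.
# Illustration only, not ipfw's parser; every packet is assumed addressed to "me".

def parse(rule):
    """Parse 'add <num> <action> [log] <proto> from any to <dst> [port] [opt]'."""
    tok = [t for t in rule.split() if t not in ("add", "log")]
    num, action, proto, rest = int(tok[0]), tok[1], tok[2], tok[7:]
    port = int(rest[0]) if rest and rest[0].isdigit() else None
    opt = rest[-1] if rest and rest[-1] in ("setup", "established") else None
    return num, action, proto, port, opt

def rule_matches(parsed, pkt):
    _, _, proto, port, opt = parsed
    if proto not in ("ip", "tcp"):        # the sample packets are all TCP
        return False
    if port is not None and pkt["dport"] != port:
        return False
    if opt == "setup":                    # SYN set, ACK clear
        return "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
    if opt == "established":              # ACK or RST set
        return bool(pkt["flags"] & {"ACK", "RST"})
    return True

def verdict(ruleset, pkt):
    """(rule number, action) of the first matching rule, lowest number first."""
    for parsed in sorted(map(parse, ruleset), key=lambda p: p[0]):
        if rule_matches(parsed, pkt):
            return parsed[0], parsed[1]
    return 65535, "deny"                  # assumed default-deny kernel

# Constructed inbound packets of one SMTP connection (client -> server).
SESSION = [{"dport": 25, "flags": {"SYN"}},
           {"dport": 25, "flags": {"ACK"}},
           {"dport": 25, "flags": {"PSH", "ACK"}}]

BROKEN = ["add 1000 allow tcp from any to me 25 setup",           # assumed rule
          "add 60000 deny log tcp from any to any established",   # from the post
          "add 65000 deny ip from any to any"]                    # number assumed
FIXED = ["add 1000 allow tcp from any to me 25 setup",            # assumed rule
         "add 2000 allow tcp from any to me established",         # the fix
         "add 65000 deny ip from any to any"]

def trace(ruleset):
    return [verdict(ruleset, p) for p in SESSION]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, trace(rules))
```

In the broken set the SYN is accepted by rule 1000 but the handshake ACK and the data segment both fall through to rule 60000, so the connection never completes.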