Date: Sat, 14 Feb 2004 20:32:36 -0600 From: Eric F Crist <ecrist@adtechintegrated.com> To: freebsd-questions@freebsd.org Cc: Jez Hancock <jez.hancock@munk.nu> Subject: Re: continued IPFW issues... (actually a lack of ability on my part) Message-ID: <200402142032.44456.ecrist@adtechintegrated.com> In-Reply-To: <200402142014.37581.ecrist@adtechintegrated.com> References: <20040214233615.GB38665@users.munk.nu> <20040215020913.GA56178@falcon.midgard.homeip.net> <200402142014.37581.ecrist@adtechintegrated.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_MptLAiaT2bz8cbt Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 14 February 2004 08:14 pm, Eric F Crist wrote: > Well, from what I understand, isn't udp a state-less protocol? How would > established/keepstate/check-state work with that? Ok, so I read that check-state/keep-state should be able to work with udp. = =20 According to the man page, I should add: ipfw add check-state ipfw add allow udp from my-subnet to any keep-state ipfw add deny udp from any to any my-subnet was changed to my /29 network address (i.e. 1.2.3.4/29). Still, = the=20 rule following all of these is ipfw add allow udp from any to any and it's= =20 getting all the packets. I'm still reading, but the check-state isn't maki= ng=20 sense to me. TIA =2D-=20 Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 --Boundary-02=_MptLAiaT2bz8cbt Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBALtpMzdyDbTMRQIYRAokeAKCXhlLyu7KAjDyGwm8YQ5jKlT8GPACfSz6x Whpihb8PwBynKeFII1n+xls= =1MOq -----END PGP SIGNATURE----- --Boundary-02=_MptLAiaT2bz8cbt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402142032.44456.ecrist>