From owner-freebsd-questions@FreeBSD.ORG Tue Sep 16 14:46:32 2014
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9DBC717C for ; Tue, 16 Sep 2014 14:46:32 +0000 (UTC)
Received: from nightmare.dreamchaser.org (nightmare.dreamchaser.org [12.32.44.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 491938FF for ; Tue, 16 Sep 2014 14:46:31 +0000 (UTC)
Received: from breakaway.dreamchaser.org (breakaway.dreamchaser.org. [12.32.36.73]) by nightmare.dreamchaser.org (8.13.6/8.13.6) with ESMTP id s8GEkQ16091134 for ; Tue, 16 Sep 2014 08:46:27 -0600 (MDT) (envelope-from freebsd@dreamchaser.org)
Message-ID: <54184D43.7020201@dreamchaser.org>
Date: Tue, 16 Sep 2014 08:46:27 -0600
From: Gary Aitken
Reply-To: freebsd@dreamchaser.org
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: FreeBSD Mailing List
Subject: firewall rules for torrents
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (nightmare.dreamchaser.org [12.32.36.65]); Tue, 16 Sep 2014 08:46:27 -0600 (MDT)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 16 Sep 2014 14:46:32 -0000

Can someone point me to or fill me in on what's required in the way of firewall rules for torrent operation?

I gather I can configure for a given listening port, and my existing outgoing rules should cover outgoing conversations. But it's unclear to me whether or not the protocol is stateful from inside the firewall (i.e. "ipfw ... setup keep-state" rules for outgoing packets would cover it), or whether the download ports need to be opened up because a conversation may be initiated by an external peer.

Thanks,
Gary
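An added example, not part of Gary's message or of any reply on the list: a small ipfw rule generator that shows the two halves of the question side by side, stateful rules for connections the host opens itself, and explicit inbound rules for the client's listening port, which are needed because remote peers do initiate connections to that port (and DHT/uTP traffic arrives over UDP). The external interface em0, the listening port 51413 and the rule numbers are assumed placeholders; adjust them to the real setup.

```shell
#!/bin/sh
# Added example (not from the original post). Generates ipfw rules for a
# BitTorrent client; prints them for review by default, applies them only
# when APPLY=1 is set. Assumed placeholders: interface em0, port 51413,
# rule numbers 1000-1050.

torrent_rules() {
    iface="$1"   # external interface the peers reach us through
    port="$2"    # the client's configured listening port (TCP and UDP)
    cat <<EOF
ipfw add 1000 check-state
ipfw add 1010 allow tcp from me to any out via $iface setup keep-state
ipfw add 1020 allow udp from me to any out via $iface keep-state
ipfw add 1030 allow tcp from any to me $port in via $iface setup keep-state
ipfw add 1040 allow udp from any to me $port in via $iface keep-state
ipfw add 1050 deny log ip from any to any in via $iface
EOF
}
# Rules 1010/1020 cover everything this host initiates (trackers, outgoing
# peer connections); 1030/1040 are the part "setup keep-state" alone does
# not give you, since a peer may open the connection from outside. 1050
# keeps every other unsolicited inbound packet out and logs it for review.

if [ "${APPLY:-0}" = "1" ]; then
    torrent_rules em0 51413 | sh
else
    torrent_rules em0 51413
fi
```

Review the printed rules against the existing ruleset first; rule numbers must slot in before any broader inbound deny already present.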