From owner-freebsd-ipfw Thu Apr 12 15: 3:15 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from kanga.honeypot.net (kanga.honeypot.net [216.224.193.50]) by hub.freebsd.org (Postfix) with ESMTP id 4FAFA37B43E for ; Thu, 12 Apr 2001 15:03:13 -0700 (PDT) (envelope-from kirk@honeypot.net) Received: from pooh.honeypot (mail@pooh.honeypot [10.0.1.2]) by kanga.honeypot.net (8.11.3/8.11.3) with ESMTP id f3CM3CE67097 for ; Thu, 12 Apr 2001 17:03:12 -0500 (CDT) (envelope-from kirk@honeypot.net) Received: from kirk by pooh.honeypot with local (Exim 3.12 #1 (Debian)) id 14npBI-0000Hs-00 for ; Thu, 12 Apr 2001 17:03:12 -0500 To: freebsd-ipfw@freebsd.org Subject: Using recv and xmit together? From: Kirk Strauser Date: 12 Apr 2001 17:03:12 -0500 Message-ID: <8766g9hj33.fsf@pooh.honeypot> Lines: 18 X-Mailer: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I want to allow connections from internal clients to external servers. I had originally thought that: ipfw add allow tcp from to \ keep-state out recv xmit or some close variation would work. Instead, I'm finding that I seem to need to split this into two rules: ipfw add allow tcp from to \ keep-state in recv ipfw add allow tcp from to \ keep-state out xmit Is this correct? I really hope that I'm misreading the situation (you can only look at firewall rules for so many hours before things get fuzzy). -- Kirk Strauser To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message