Date:      Thu, 16 Nov 2017 11:29:29 -0800
From:      javocado <javocado@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   IPFW: Why can I add port numbers to established and what does that do ?
Message-ID:  <CAP1HOmQEKgocsejRHOMEfb-Ghzev%2BDuQiZ5OwYcQLktfu0xvDQ@mail.gmail.com>

Almost every single ipfw ruleset I create has this as the very first rule:

allow tcp from any to any established

... and I just noticed that ipfw allows me to specify a port on this rule:

allow tcp from any to any 22 established

If I create a new connection to port 22, I need a rule to allow port 22
traffic out:

allow tcp from any to any 22

... but once that connection is established, doesn't the client begin
talking to the server on an ephemeral port (not 22) that isn't predictable?

Why would it ever make sense to specify a port on established?
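As an added illustration (not part of the original message and not FreeBSD's ipfw code), the following Python model implements the subset of ipfw(8) matching semantics the question touches: "established" matches TCP packets with the RST or ACK bit set, "setup" matches SYN without ACK, a port list after "from <src>" is a source-port match, and a port list after "to <dst>" is a destination-port match. Addresses are ignored (both sides are "any"), which is an assumption to keep the model small; the SSH session it is run against is constructed sample traffic, not a capture.

```python
"""Model of how ipfw matches TCP packets against the rules in the post.

Added example, not from the mailing-list thread or from FreeBSD's ipfw.
Modelled subset of ipfw(8) semantics:
  - "established": TCP packet with the RST or ACK flag set;
  - "setup":       TCP packet with SYN set and ACK clear;
  - a port list after "from any" matches the source port, a port list
    after "to any" matches the destination port.
Assumption: addresses are ignored (rules are "from any to any" only).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # subset of "SAFR" (SYN, ACK, FIN, RST)


@dataclass(frozen=True)
class Rule:
    action: str
    sports: frozenset  # empty set means any source port
    dports: frozenset  # empty set means any destination port
    established: bool = False
    setup: bool = False


def parse_rule(text: str) -> Rule:
    """Parse e.g. 'allow tcp from any to any 22 established'."""
    toks = text.split()
    action, proto = toks[0], toks[1]
    if proto != "tcp":
        raise ValueError("only tcp rules are modelled")
    if toks[2] != "from" or toks[3] != "any":
        raise ValueError("only 'from any' is modelled")
    i = 4
    sports = set()
    # optional source-port list directly after "from any"
    if i < len(toks) and toks[i] != "to":
        sports = {int(p) for p in toks[i].split(",")}
        i += 1
    if toks[i] != "to" or toks[i + 1] != "any":
        raise ValueError("only 'to any' is modelled")
    i += 2
    dports = set()
    # optional destination-port list directly after "to any"
    if i < len(toks) and toks[i] not in ("established", "setup"):
        dports = {int(p) for p in toks[i].split(",")}
        i += 1
    opts = toks[i:]
    return Rule(action, frozenset(sports), frozenset(dports),
                established="established" in opts, setup="setup" in opts)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet satisfies every predicate of the rule."""
    if rule.sports and pkt.sport not in rule.sports:
        return False
    if rule.dports and pkt.dport not in rule.dports:
        return False
    if rule.established and not ("A" in pkt.flags or "R" in pkt.flags):
        return False
    if rule.setup and not ("S" in pkt.flags and "A" not in pkt.flags):
        return False
    return True


# Constructed SSH session: client 10.0.0.5:51234 -> server 10.0.0.9:22
CLIENT, SERVER = "10.0.0.5", "10.0.0.9"
SSH_SESSION = [
    Packet(CLIENT, 51234, SERVER, 22, "S"),   # 1 client SYN
    Packet(SERVER, 22, CLIENT, 51234, "SA"),  # 2 server SYN-ACK
    Packet(CLIENT, 51234, SERVER, 22, "A"),   # 3 client ACK, handshake done
    Packet(CLIENT, 51234, SERVER, 22, "A"),   # 4 client data, dport still 22
    Packet(SERVER, 22, CLIENT, 51234, "A"),   # 5 server data, sport is 22
]


def matching_packets(rule_text: str, pkts=SSH_SESSION):
    """Return the 1-based indices of the packets the rule matches."""
    rule = parse_rule(rule_text)
    return [i for i, p in enumerate(pkts, 1) if matches(rule, p)]


if __name__ == "__main__":
    for r in ("allow tcp from any to any established",
              "allow tcp from any to any 22 established",
              "allow tcp from any 22 to any established",
              "allow tcp from any to any 22",
              "allow tcp from any to any 22 setup"):
        print(f"{r:45s} -> packets {matching_packets(r)}")
```

Running it shows that "to any 22 established" selects the client-to-server half of the session (packets 3 and 4): the client's source port is ephemeral, but the destination port stays 22 for the life of the connection, while the server-to-client half carries 22 as its source port and is selected by "from any 22 ... established" instead. The model is deliberately stateless, as the "established" keyword itself is a flag check; ipfw's keep-state/check-state rules are the stateful alternative and are not modelled here.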


