From owner-freebsd-ipfw@FreeBSD.ORG  Sun Dec 18 23:18:50 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9819316A41F
	for <freebsd-ipfw@freebsd.org>; Sun, 18 Dec 2005 23:18:50 +0000 (GMT)
	(envelope-from dennisolvany@gmail.com)
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 10B8043D46
	for <freebsd-ipfw@freebsd.org>; Sun, 18 Dec 2005 23:18:49 +0000 (GMT)
	(envelope-from dennisolvany@gmail.com)
Received: by xproxy.gmail.com with SMTP id t12so781191wxc
	for <freebsd-ipfw@freebsd.org>; Sun, 18 Dec 2005 15:18:49 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:openpgp:content-type:content-transfer-encoding;
	b=utXj/zqKsMVnlV0O4J+arvBmaflJfpVa6g32cgP5FHS1vh3Q5RQZxtw7GQzdtPvuOg9PfqA+COApHlomLlixqxFzdfstKfBx8+gQZZVgIeManltw0U1zydcu6rTlpN+1wFTqz7ghcw3TKU5u/rxfxVCOM+DT63ZHEjzebs8rRSI=
Received: by 10.70.48.2 with SMTP id v2mr3726813wxv;
	Sun, 18 Dec 2005 15:18:49 -0800 (PST)
Received: from ?192.168.102.3? ( [67.102.60.210])
	by mx.gmail.com with ESMTP id i11sm9047801wxd.2005.12.18.15.18.48;
	Sun, 18 Dec 2005 15:18:48 -0800 (PST)
Message-ID: <43A5EE57.7060500@gmail.com>
Date: Sun, 18 Dec 2005 17:18:47 -0600
From: Dennis Olvany <dennisolvany@gmail.com>
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051129)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Reed Loefgren <rloef@interfold.com>
References: <20051218154106.M971@auden.jmla.com>
In-Reply-To: <20051218154106.M971@auden.jmla.com>
X-Enigmail-Version: 0.93.0.0
OpenPGP: id=D71A85AB
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw ruleset blocking game server
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Dec 2005 23:18:50 -0000

Reed Loefgren wrote:
> I have been using ipfw for a little while now and have recently changed
> to a ruleset copied off of the FreeBSD website's documentation of ipfw.

The rulesets included in the FreeBSD Handbook and IPFW documentation,
namely rc.firewall, are quite primitive. You may want to consider using
something a bit more advanced.

> Does anyone here have any ideas about what
> port games such as this use to come back in?

Discovering ports is a trivial matter of running tcpdump and attempting
a connection with the game. You will most likely find that dynamic rules
will allow this ingress traffic, without the need to explicitly allow it.

If you post the output of ipfw list, I can assist in the creation of a
more scalable ruleset.