Date:      Tue, 18 Jan 2000 10:01:42 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        jwyatt@rwsystems.net (James Wyatt)
Cc:        oogali@intranova.net (Omachonu Ogali), briang@expnet.net (Brian Gallucci), isp@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: New Firewall
Message-ID:  <200001181801.KAA48678@gndrsh.dnsmgr.net>
In-Reply-To: <Pine.BSF.4.10.10001181141410.42481-100000@bsdie.rwsystems.net> from James Wyatt at "Jan 18, 2000 11:44:19 am"

> Oops, good call! Make sure you add the 'add pass tcp from any to any
> established' rule so you can get past the setup. Hey, aren't we just
> building the /etc/rc.firewall file again? (^_^) ipfw rules! - Jy@

The established rule is already there, stop speed reading.. ipfw is not
a place to do things fast and hasty, but slow and careful.

> 
> On Tue, 18 Jan 2000, Rodney W. Grimes wrote:
> > > The following rules can help if you are going to be running SMTP, HTTP,
> > > POP3, and HTTPS, delete what you don't need.
> > 
> > Allowing anything other than ``setup'' packets on these rules is a mistake...
> > 
> > > # -- Pass through for already established connections
> > > ipfw add allow tcp from any to any established
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> > > 
> > > # -- SMTP
> > > ipfw add allow tcp from any to x.x.x.x 25
> >                                              ^setup
> > > 
> 	[ ... ]
> 
> 


-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net

