Date: Sat, 22 Oct 2011 17:54:56 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: Configuring IPFW Message-ID: <20111022175456.0e7afccc@gumby.homeunix.com> In-Reply-To: <BLU0-SMTP235296774800AA3D588B52193E90@phx.gbl> References: <BLU0-SMTP235296774800AA3D588B52193E90@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 22 Oct 2011 09:56:12 -0400 Carmel wrote: > I am attempting to set up a firewall using IPFW with a stateful > behavior. > > While I have investigated how to set up these rules, I have run into > conflicting opinions as to whether to all or deny "established" > behavior. > > EXAMPLE: (preceded by a "checkstate" rule) > > allow tcp from any to any established > > > Some documentation states that it should be denied and others say it > should be allowed. Neither has given me a convincing reason to follow > either scenario or any real documentation either for that fact. Normally if the rules are stateless you would allow established tcp packets, but would deny them with stateful rules. In the latter case, established traffic would be passed by the check-state
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111022175456.0e7afccc>