From owner-freebsd-stable Thu Mar 22 7:42: 3 2001 Delivered-To: freebsd-stable@freebsd.org Received: from dagobert.skystream.nl (smtp.uwnet.nl [195.7.130.55]) by hub.freebsd.org (Postfix) with ESMTP id 09BEB37B720 for ; Thu, 22 Mar 2001 07:42:01 -0800 (PST) (envelope-from abgoeree@uwnet.nl) Received: from dyn.dailup.c227128200.isd.to (dyn.dailup.c227128200.isd.to [213.227.128.200]) by dagobert.skystream.nl (8.11.3/8.11.0) with ESMTP id f2MFji018035 for ; Thu, 22 Mar 2001 16:45:44 +0100 Received: (qmail 20421 invoked by uid 1000); 22 Mar 2001 15:42:15 -0000 From: "Andre Goeree" Date: Thu, 22 Mar 2001 16:42:15 +0100 To: stable@freebsd.org Subject: ipfw stateful filtering Message-ID: <20010322164215.A20386@mandark.attica.home> Reply-To: abgoeree@uwnet.nl Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Sender: abgoeree@uwnet.nl Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, I'm experimenting a little with stateful filtering. Somehow it doesn't work like i expect; output of "ipfw show": 00100 0 0 check-state 00200 2874 690508 allow ip from any to any via lo0 [snip address checking rules] 02100 0 0 deny tcp from any to any via tun* established 02200 890 308516 allow tcp from any 4000-5000 to any keep-state out xmit tun* setup [snip local network rules] ## Dynamic rules: 02200 889 308472 (T 0, # 176) ty 0 tcp, XXX.XXX.XXX.XXX 4025 <-> XXX.XXX.XXX.XXX 110 It appears that the check-state rule never matches.. Am i overlooking something? --Andre. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message