Nikos Vassiliadis wrote:
> >A packet generated locally 1) should be forwarded by a 'fwd'
> >rule and 2) should create a dynamic 'allow' rule for returning
> >traffic. Could you please suggest a ruleset for this.
>
> The fw has the 10.0.0.1 IP address.
> The 10.0.0.100 IP address belongs to another computer running a TCP
> service at 9999.
>
> The IPFW rules:
> >fw# ipfw list
> >00100 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port 9999 keep-state
> >00200 deny ip from any to any
> >65535 allow ip from any to any

It seems that the 'fwd ... keep-state' statement does create a useful
dynamic rule. It contradicts the ipfw(8) man page but works.

Thank you for enlightenment.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"