On Mon, Apr 17, 2006 at 06:29:13PM -0400, Charles Swiger wrote:
> ...
> [ ...redirected to freebsd-questions... ]

Thanks for doing that!

> ...

> You don't have a check-state rule anywhere, so you either need to add  
> one or a rule to pass established traffic to and from port 22.

I thought check-state was fairly optional; ref:

     These dynamic rules, which have a limited lifetime, are checked at the
     first occurrence of a check-state, keep-state or limit rule, and are typ-
     ically used to open the firewall on-demand to legitimate traffic only.
     See the STATEFUL FIREWALL and EXAMPLES Sections below for more informa-
     tion on the stateful behaviour of ipfw.

(from "man ipfw" on a 4.11 system).

David H. Wolfskill                              [EMAIL PROTECTED]
Mail filters, like sewers, need to be most restrictive at the point of entry.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to