I'm trying to setup a stateful firewall for my server such that any
traffic can go out, and it's reply come back. However I'm getting the
error message "ipfw: install_state: entry already present, done"
repeated many times in my logs (tho the rules seemed to work fine
otherwise).
I stripped down the rules to the minimum I could and discovered the line
causing it is "allow udp from me to any keep-state". The similar line
for TCP also causes it too if the "setup" keyword is left off. But UDP
does not work if I put the setup keyword on it's line (because there is
no setup for UDP I assume)
Full firewall rules:
dns2# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow udp from me to any keep-state
65535 deny ip from any to any
I found some search results for this error message, but none seem to
have a solution to the problem.
System info:
dns2# uname -a
FreeBSD dns2 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24
00:14:35 UTC 2009
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Hardware: virtual server under vmWare ESXi (not that that should matter)
network card: em0
--
Chris St Denis
Programmer
SmarttNet (www.smartt.com)
Ph: 604-473-9700 Ext. 200
-------------------------------------------
"Smart Internet Solutions For Businesses"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
