On 2003-04-05 21:49, Robin Ericsson <[EMAIL PROTECTED]> wrote:
>
> I would like to get some input of these rules I'm currently using.
>
> I come from a linux/cisco background, so I want to know how bad these
> are :) mostly my questions are the keep-state stuff. I guess 00235 can
> go, as I think that one allows all traffic from that specific ip if
> already connected elsewhere?

True.

> ipfw add 00230 check-state
> ipfw add 00235 allow tcp from any to any in established

You don't need both of these... The 'established' one can safely go
away if you make it a habit of writing rules with 'keep-state' as
shown below:

> # ssh
> ipfw add 00700 allow tcp from any to me 22 keep-state

- Giorgos
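
Added example, not part of the original message: a small Python model of the three rules quoted in the thread, showing why rule 00235 accepts more than check-state does. It assumes ipfw's documented meaning of 'established' (a TCP packet with the RST or ACK bit set) and a default-deny final rule; the packets and addresses are constructed, and Packet, flow_key and run_ruleset are hypothetical names.

```python
# Simplified model of the thread's ipfw rules (illustrative; not ipfw source).
from collections import namedtuple

# flags is a set drawn from "S" (SYN), "A" (ACK), "R" (RST); direction is "in"/"out".
Packet = namedtuple("Packet", "direction src sport dst dport flags")

ME = "192.0.2.10"  # constructed address standing in for ipfw's "me"

def flow_key(p):
    """Direction-independent key so replies match the same dynamic rule."""
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def established(p):
    """ipfw 'established': the TCP packet has the RST or ACK bit set."""
    return bool(p.flags & {"A", "R"})

def run_ruleset(packets, with_rule_235):
    """Return the verdict for each packet, evaluating rules in number order."""
    dynamic = set()  # dynamic rules created by keep-state
    verdicts = []
    for p in packets:
        if flow_key(p) in dynamic:                      # 00230 check-state
            verdicts.append("allow(00230)")
        elif with_rule_235 and p.direction == "in" and established(p):
            verdicts.append("allow(00235)")             # 00235 ... in established
        elif p.dst == ME and p.dport == 22:             # 00700 ... keep-state
            dynamic.add(flow_key(p))
            verdicts.append("allow(00700)")
        else:
            verdicts.append("deny")                     # assumed default deny
    return verdicts

# Constructed traffic: one SSH session, then a stray ACK with no prior connection.
SAMPLE = [
    Packet("in", "198.51.100.7", 40000, ME, 22, {"S"}),
    Packet("out", ME, 22, "198.51.100.7", 40000, {"S", "A"}),
    Packet("in", "198.51.100.7", 40000, ME, 22, {"A"}),
    Packet("in", "203.0.113.9", 5555, ME, 80, {"A"}),
]

if __name__ == "__main__":
    for label, flag in (("with 00235", True), ("without 00235", False)):
        print(label, run_ruleset(SAMPLE, flag))
```

The SSH session gets the same verdicts in both runs; only the stray ACK to port 80 changes, from allowed by 00235 to denied once that rule is removed.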