On 2003-04-05 21:49, Robin Ericsson <[EMAIL PROTECTED]> wrote:
>
> I would like to get some input of these rules I'm currently using.
>

> I come from a linux/cisco background, so I want to know how bad these
> are :) mostly my questions are the keep-state stuff. I guess 00235 can
> go, as I think that one allows all traffic from that specific ip if
> already connected elsewhere?

True.

> ipfw add 00230 check-state
> ipfw add 00235 allow tcp from any to any in established

You don't need both of these...  The 'established' one can safely go
away if you make it a habit of writing rules with 'keep-state' as shown
below:

> # ssh
> ipfw add 00700 allow tcp from any to me 22 keep-state

- Giorgos

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
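
The cleanup discussed in this thread, as an added example that is not part of the original messages: a POSIX shell/awk check that reads a numbered ipfw rule listing and reports whether an `established` rule can be dropped because every TCP allow rule already uses `keep-state`. The output labels and rule 00710 are constructed for illustration, and the script assumes every rule is written in the `ipfw add NNNNN ...` form used in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each rule is written in the
# numbered "ipfw add NNNNN action proto ..." form used in the post.
# The output labels are hypothetical names made up for this example.

lint_ipfw_rules() {
    awk '
    { sub(/#.*/, "") }                      # drop comments such as "# ssh"
    $1 == "ipfw" && $2 == "add" {
        num = $3; action = $4; proto = $5
        # Only pass-type rules matter here; this skips check-state and deny.
        if (action !~ /^(allow|accept|pass|permit)$/) next
        stateful = 0; est = 0
        for (i = 6; i <= NF; i++) {
            if ($i == "keep-state")  stateful = 1
            if ($i == "established") est = 1
        }
        if (est)                 est_rules[++ne] = num   # matches on TCP flags only
        else if (stateful)       have_keep = 1           # creates a dynamic rule
        else if (proto == "tcp") bare[++nb] = num        # no state is tracked
    }
    END {
        # The established rule is only safe to drop once every TCP allow
        # rule creates state with keep-state.
        if (have_keep && nb == 0) verdict = "REDUNDANT_ESTABLISHED"
        else                      verdict = "ESTABLISHED_STILL_NEEDED"
        for (i = 1; i <= ne; i++) print est_rules[i], verdict
        for (i = 1; i <= nb; i++) print bare[i], "NEEDS_KEEP_STATE"
    }'
}

# Rules quoted in the thread.
THREAD_RULES='ipfw add 00230 check-state
ipfw add 00235 allow tcp from any to any in established
# ssh
ipfw add 00700 allow tcp from any to me 22 keep-state'

# Constructed rule (not from the thread): a TCP allow without keep-state.
CONSTRUCTED_RULE='ipfw add 00710 allow tcp from any to me 80'

# Thread rules only: 00235 is reported as redundant.
printf '%s\n' "$THREAD_RULES" | lint_ipfw_rules

# With the constructed rule added: 00710 needs keep-state before 00235 can go.
printf '%s\n%s\n' "$THREAD_RULES" "$CONSTRUCTED_RULE" | lint_ipfw_rules
```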