On Sun, 19 Sep 2004 06:45:28 -0700
Rob [EMAIL PROTECTED] wrote:
> Seems to work with everything else incl. ftp. What am I doing wrong?
> Thanks, Rob.
> block in log all
> pass out all
> pass out on lo all
> pass in on lo all
> pass out quick on bfe0 proto tcp/udp from any to any port 1024

For a quick answer, replace the above line with:

pass out quick on bfe0 proto tcp/udp from any to any port 1024 keep state

> pass in quick on bfe0 proto icmp all icmp-type 0
> pass in quick on bfe0 proto icmp all icmp-type 3
> pass in quick on bfe0 proto icmp all icmp-type 11
> block in on bfe0 proto tcp all flags S/SA
> block out on bfe0 proto tcp all flags SA/SA
> pass in quick on bfe0 proto tcp from any to any port = 22 flags S/SA keep state
> pass in quick on bfe0 proto tcp from any to any port = 25 flags S/SA keep state
> pass out on bfe0 proto tcp all keep state

I don't think this line makes the tcp connections below stateful. You must write
the keep state phrase on every tcp (and udp, icmp) line you write.

> block return-rst in on bfe0 proto tcp from any to any port = 113
> pass in on bfe0 proto tcp/udp from any port = 53 to any
> pass in on bfe0 proto tcp/udp from any port = 67 to any
> pass out on bfe0 proto tcp/udp from any port = 68 to any
> pass in on bfe0 proto tcp from any port = 80 to any

Or, add the following line here:

pass in on bfe0 proto tcp from any port = 5999 to any

horio shoichi
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
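The point about "keep state" on the quick rule, traced through a simplified model of ipf rule evaluation (last matching rule wins, quick stops at the first match, packets of a tracked connection bypass the rules). This is an added example, not part of the original thread; the packets, the local port 40000, the port-pair connection key and the reduced rule grammar are assumptions made for illustration.

```python
import re
# Excerpt of the ruleset posted in the thread (lo, icmp, most per-service rules left out).
ORIGINAL = """\
block in log all
pass out all
pass out quick on bfe0 proto tcp/udp from any to any port 1024
block in on bfe0 proto tcp all flags S/SA
block out on bfe0 proto tcp all flags SA/SA
pass out on bfe0 proto tcp all keep state
pass in on bfe0 proto tcp from any port = 80 to any"""
FIXED = ORIGINAL.replace("port 1024", "port 1024 keep state")  # the reply's fix
# Constructed packets: outbound SYN to port 1024, then the returning SYN-ACK.
SYN = dict(dir="out", iface="bfe0", proto="tcp", sport="40000", dport="1024", flags="S")
SYNACK = dict(dir="in", iface="bfe0", proto="tcp", sport="1024", dport="40000", flags="SA")

def parse(line):
    g = lambda pat: (re.search(pat, line) or [None, None])[1]
    t = line.split()
    return {"text": line, "action": t[0], "quick": "quick" in t,
            "state": "keep state" in line, "dir": "in" if "in" in t else "out",
            "iface": g(r" on (\S+)"), "proto": g(r"proto (\S+)"),
            "sport": g(r"from any port = (\d+)"),
            "dport": g(r"to any port =? ?(\d+)"), "flags": g(r"flags (\S+)")}

def matches(r, p):
    want, _, mask = (r["flags"] or "/").partition("/")  # "S/SA": of bits SA only S set
    return ((set(p["flags"]) & set(mask)) == set(want)
            and r["dir"] == p["dir"] and r["iface"] in (None, p["iface"])
            and (not r["proto"] or p["proto"] in r["proto"].split("/"))
            and r["sport"] in (None, p["sport"]) and r["dport"] in (None, p["dport"]))

def evaluate(ruleset, packets):
    rules, states, verdicts = [parse(l) for l in ruleset.splitlines()], set(), []
    for p in packets:
        conn = frozenset((p["sport"], p["dport"]))  # simplified connection key
        hit = None
        if conn not in states:  # tracked connections bypass the rules
            for r in rules:
                if matches(r, p):
                    hit = r  # last matching rule wins ...
                    if r["quick"]: break  # ... unless it is marked quick
        if hit and hit["action"] == "pass" and hit["state"]:
            states.add(conn)  # only the deciding rule can create state
        verdicts.append((hit["action"], hit["text"]) if hit else ("pass", "state table"))
    return verdicts

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, evaluate(rs, [SYN, SYNACK]))
```

In the original ruleset the quick rule decides the outbound SYN before the later "pass out ... keep state" line is reached, so no state exists when the SYN-ACK returns and it falls through to "block in log all".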