Re: Too many dynamic rules, sorry

Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too

Re: Too many dynamic rules, sorry

. - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 9:41 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: . - Original Message - From: Norm

Re: Too many dynamic rules, sorry

Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from any to any keep-state # For ICMP add 01600 pass

Re: Too many dynamic rules, sorry

Micheal Patterson wrote: . - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 9:41 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: . - Original Message

Re: Too many dynamic rules, sorry

Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from

Re: Too many dynamic rules, sorry

- Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state Norm Vilmer Ok

Re: Too many dynamic rules, sorry

You'll generally need to keep state on UDP when you play online games. If you're smart, you don't allow arbitrary UDP packets from the outside world into your network, but if you're playing Unreal or something, then all communication is via UDP, and you won't be able to play. The

Re: Too many dynamic rules, sorry

--- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any

Re: Too many dynamic rules, sorry

--- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any

Re: Too many dynamic rules, sorry

Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 10:30 AM Subject: Re: Too many dynamic rules, sorry snip I do have a check-state rule add 00200 check-state

Re: Too many dynamic rules, sorry

Bill Moran wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123 keep-state # For VPN add 01500 pass gre from

Re: Too many dynamic rules, sorry

Dave McCammon wrote: --- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any 53 keep-state # For NTP add 01400 pass udp from ${oip} to any 123

Re: Too many dynamic rules, sorry

- Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 11:47 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: - Original Message - From: Norm Vilmer

Re: Too many dynamic rules, sorry

Micheal Patterson wrote: - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: Micheal Patterson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, September 17, 2004 11:47 AM Subject: Re: Too many dynamic rules, sorry Micheal Patterson wrote: - Original Message

Re: Too many dynamic rules, sorry

--- Norm Vilmer [EMAIL PROTECTED] wrote: Dave McCammon wrote: --- Bill Moran [EMAIL PROTECTED] wrote: Rob [EMAIL PROTECTED] wrote: Norm Vilmer wrote: Here are the rules that I have that keep-state on the outside interface: #For DNS add 01300 pass udp from ${oip} to any

Re: Too many dynamic rules, sorry

. - Original Message - From: Norm Vilmer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:57 PM Subject: Too many dynamic rules, sorry If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall, I get the message Too many dynamic rules, sorry.