Micheal Patterson wrote:
- Original Message - From: Norm Vilmer
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message Too
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
- Original Message - From: Norm
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
- Original Message
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry
snip
I do have a check-state rule
add 00200 check-state
Norm Vilmer
Ok
You'll generally need to keep state on UDP when you play online games.
If you're smart, you don't allow arbitrary UDP packets from the outside
world into your network, but if you're playing Unreal or something, then
all communication is via UDP, and you won't be able to play.
The
--- Bill Moran [EMAIL PROTECTED] wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any
--- Bill Moran [EMAIL PROTECTED] wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry
snip
I do have a check-state rule
add 00200 check-state
Bill Moran wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from
Dave McCammon wrote:
--- Bill Moran [EMAIL PROTECTED] wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer
Micheal Patterson wrote:
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: Micheal Patterson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry
Micheal Patterson wrote:
- Original Message
--- Norm Vilmer [EMAIL PROTECTED] wrote:
Dave McCammon wrote:
--- Bill Moran [EMAIL PROTECTED] wrote:
Rob [EMAIL PROTECTED] wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any
- Original Message -
From: Norm Vilmer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message Too many dynamic rules, sorry.
16 matches