Filtering established connection in ipfw
Mike Silbersack
silby at silby.com
Thu Mar 18 15:58:44 PST 2004
On Fri, 19 Mar 2004, Tomi Kaistila wrote:
> My question is, can I make a rule that allows such replies to pass the
> packet filter, but to drop if it is not such a reply or similar signal? I
> tried using the setup and established flags but either I did something wrong
> or it just didn't work out that way.
>
> --
> Tomi
What you want is a stateful firewall, aka dynamic firewall rules.
Just use
ipfw add allow ip from yourip to any keep-state
And ipfw will do what you want.
This is described in the ipfw manpage, although it's perhaps not explained
as well as it could be.
Mike "Silby" Silbersack
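
A fuller ruleset built around the keep-state rule from the reply above, as an added example that is not part of the original message. It shows where check-state and a final deny sit so that replies pass and everything else is dropped. The rule numbers, the lo0 rule, the per-protocol split and the address 192.0.2.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: minimal stateful ipfw ruleset built around keep-state.
# Dry run by default (prints the commands). On FreeBSD, run as root with
# IPFW="ipfw -q" to load the rules. Rule numbers and the address are
# assumptions chosen for illustration.
IPFW="${IPFW:-echo ipfw}"

stateful_ruleset() {
    myip="$1"   # address of this host, e.g. 192.0.2.10 (constructed)

    # Allow all loopback traffic.
    $IPFW add 100 allow ip from any to any via lo0

    # Match packets against the dynamic rules created by keep-state below.
    # Replies to connections this host opened are accepted here.
    $IPFW add 200 check-state

    # Outbound TCP: only the initial SYN (setup) may create state.
    $IPFW add 300 allow tcp from "$myip" to any out setup keep-state

    # Outbound UDP and ICMP (DNS, ping): each packet creates or refreshes
    # a short-lived dynamic rule that admits the matching reply.
    $IPFW add 310 allow udp from "$myip" to any out keep-state
    $IPFW add 320 allow icmp from "$myip" to any out keep-state

    # Everything else, including unsolicited inbound packets, is dropped.
    $IPFW add 65000 deny ip from any to any
}

stateful_ruleset "${1:-192.0.2.10}"
```

On a live system, `ipfw -d show` lists the dynamic rules that keep-state has created alongside the static ones.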