IPFW: Why can I add port numbers to established and what does that do?

javocado javocado at gmail.com
Thu Nov 16 19:29:32 UTC 2017


Almost every single ipfw ruleset I create has this as the very first rule:

allow tcp from any to any established

... and I just noticed that ipfw allows me to specify a port on this rule:

allow tcp from any to any 22 established

If I create a new connection to port 22, I need a rule to allow port 22
traffic out:

allow tcp from any to any 22

... but once that connection is established, doesn't the client begin
talking to the server on an ephemeral port (not 22) that isn't predictable?

Why would it ever make sense to specify a port on established?
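
The following is an added example, not part of the original post and not ipfw's own code: a small Python simulator of how ipfw evaluates a stateless ruleset packet by packet, using the semantics documented in ipfw(8) (a port after "from" is matched against the source port, a port after "to" against the destination port, and "established" matches TCP packets that have the ACK or RST flag set; first match wins). It feeds the three rulesets from the question, plus a variant with the port on the "from" side, the opening packets of a constructed SSH session and a constructed ACK-flagged probe to port 445. The addresses, ports, the rule-grammar subset and the implicit final deny are assumptions made for the example; as in real TCP, each endpoint's port stays fixed for the life of the simulated connection.

```python
"""Simulate ipfw's stateless rule matching on a handful of packets.

Rule grammar supported (a subset of ipfw(8), example code only):
    <action> tcp from <addr> [<port>] to <addr> [<port>] [established]
First matching rule wins; an implicit final 'deny' stands in for the
default rule 65535 of a default-deny kernel (an assumption).
"""
from dataclasses import dataclass
from typing import List, Optional

# TCP flag bits as laid out in the TCP header flags byte
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


@dataclass(frozen=True)
class Rule:
    action: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    established: bool


def parse_rule(text: str) -> Rule:
    """Parse one rule in the subset grammar above; raise on anything else."""
    toks = text.split()
    if len(toks) < 6 or toks[1] != "tcp" or toks[2] != "from":
        raise ValueError(f"unsupported rule: {text!r}")

    def addr_and_port(i: int):
        addr, i = toks[i], i + 1
        port = None
        if i < len(toks) and toks[i].isdigit():  # optional port after the address
            port, i = int(toks[i]), i + 1
        return addr, port, i

    src, sport, i = addr_and_port(3)
    if i >= len(toks) or toks[i] != "to":
        raise ValueError(f"expected 'to' in rule: {text!r}")
    dst, dport, i = addr_and_port(i + 1)
    established = i < len(toks) and toks[i] == "established"
    if i + established != len(toks):
        raise ValueError(f"trailing tokens in rule: {text!r}")
    return Rule(toks[0], src, sport, dst, dport, established)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """'from' fields compare against the packet's source, 'to' against its destination."""
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    # ipfw(8): 'established' matches TCP packets with the RST or ACK bit set.
    # It inspects flags only; no connection table is consulted.
    if rule.established and not (pkt.flags & (ACK | RST)):
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # implicit default rule (assumed default-deny)


def decisions(ruleset: List[str], packets: List[Packet]) -> List[str]:
    rules = [parse_rule(r) for r in ruleset]
    return [evaluate(rules, p) for p in packets]


# Constructed sample traffic: start of one SSH session from 10.0.0.2
# (client, ephemeral port 51234) to 10.0.0.1 (server, port 22), then a
# stray ACK-flagged probe to port 445 on the server (both made up here).
CLIENT, SERVER = "10.0.0.2", "10.0.0.1"
SSH_SESSION = [
    Packet(CLIENT, 51234, SERVER, 22, SYN),        # client opens
    Packet(SERVER, 22, CLIENT, 51234, SYN | ACK),  # server answers
    Packet(CLIENT, 51234, SERVER, 22, ACK),        # handshake completes
    Packet(CLIENT, 51234, SERVER, 22, PSH | ACK),  # client data
    Packet(SERVER, 22, CLIENT, 51234, PSH | ACK),  # server data
]
ACK_PROBE = Packet("203.0.113.9", 40000, SERVER, 445, ACK)

if __name__ == "__main__":
    for first in ("allow tcp from any to any 22 established",
                  "allow tcp from any to any established",
                  "allow tcp from any 22 to any established"):
        rs = [first, "allow tcp from any to any 22"]
        print(f"{first:45} session={decisions(rs, SSH_SESSION)} "
              f"probe={decisions(rs, [ACK_PROBE])}")
```

Run stand-alone, the script shows that with "allow tcp from any to any 22 established" the server's replies (source port 22, destination port 51234) fall through to the default deny, because the port after "to" is the destination port and the replies carry 22 as their source port; that the unqualified "allow tcp from any to any established" passes every ACK-bearing packet, including the probe to port 445; and that "allow tcp from any 22 to any established" lets the replies through while still denying the probe. A flags-only "established" rule is exactly what stateful keywords like keep-state and check-state in ipfw(8) exist to replace.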

