allow established

hi2all
I'm only starting with IPFW, but I already have experience with iptables. On my Debian server I'm using
Code:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
with default INPUT drop policy.
Trying to do the same in IPFW:
Code:
ipfw add allow all from me to any
ipfw add allow all from any to me establish
But it works strangely. I can establish an ftp or ssh connection from FreeBSD to another host and they can't do the same to me, but I can't ping internet hosts, and pkg_add -r blablabla also doesn't work.
 
flant said:
hi2all
I'm only starting with IPFW, but I already have experience with iptables. On my Debian server I'm using
Code:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
with default INPUT drop policy.
Trying to do the same in ipfw:
Code:
ipfw add allow all from me to any
ipfw add allow all from any to me establish

Don't do this. established (from ipfw(8)): Matches TCP packets that have the RST or ACK bits set. Use states instead, something like (I've not checked the syntax...)
Code:
ipfw add check-state
ipfw add allow all from me to any keep-state

Regards.
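
Added example, not part of either post: a simplified Python model (not ipfw itself) of the two rulesets in this thread, run over constructed packets. It assumes the final rule is deny, and shows why ICMP and UDP replies never match established (the ping and pkg_add symptoms) while an unsolicited inbound TCP ACK does.

```python
# Simplified model of the two rulesets in this thread (not ipfw itself).
# A packet is a dict: proto, src, dst, sport, dport, flags (TCP only).
ME = "192.0.2.10"  # constructed address standing in for "me"

def established(pkt):
    """ipfw(8) 'established': TCP packets that have the RST or ACK bit set."""
    return pkt["proto"] == "tcp" and bool({"ACK", "RST"} & pkt["flags"])

def flow_key(pkt):
    """Direction-independent key, so a reply maps to the flow it answers."""
    ends = frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends)

def stateless(packets):
    """allow all from me to any; allow all from any to me established; deny."""
    return [p["src"] == ME or (p["dst"] == ME and established(p)) for p in packets]

def stateful(packets):
    """check-state; allow all from me to any keep-state; deny."""
    states, verdicts = set(), []
    for p in packets:
        if flow_key(p) in states:       # check-state: matches a dynamic rule
            verdicts.append(True)
        elif p["src"] == ME:            # keep-state: allow and record the flow
            states.add(flow_key(p))
            verdicts.append(True)
        else:
            verdicts.append(False)      # assumed default deny
    return verdicts

def pkt(proto, src, sport, dst, dport, flags=()):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, flags=set(flags))

# Constructed traffic: ping + reply, DNS query + answer, and an unsolicited
# inbound TCP ACK that belongs to no connection.
PEER, DNS, STRANGER = "198.51.100.7", "198.51.100.53", "203.0.113.99"
TRAFFIC = [
    pkt("icmp", ME, 0, PEER, 0), pkt("icmp", PEER, 0, ME, 0),
    pkt("udp", ME, 40000, DNS, 53), pkt("udp", DNS, 53, ME, 40000),
    pkt("tcp", STRANGER, 4444, ME, 22, ["ACK"]),
]

if __name__ == "__main__":
    for p, a, b in zip(TRAFFIC, stateless(TRAFFIC), stateful(TRAFFIC)):
        print(f'{p["proto"]:4} {p["src"]:>14} -> {p["dst"]:<14} established={a} keep-state={b}')
```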
 