Hi,

I'm using ipfw with dynamic rules, and I'm having problems. Consider the following rules:

    ipfw add check-state
    ipfw add deny tcp from any to any established
    ipfw add pass ip from me to any
    ipfw add pass tcp from any to me ssh keep-state setup
    ipfw add pass tcp from any to me telnet keep-state setup

Which is basically from the man page.

The problem is that after establishing a successful telnet/ssh session, I have about 90-120 seconds time to have some traffic pass over the session before it dies. Now when I say die, the connection is not dropped initially, it just appears that all traffic I sent is blocked.

If I had to take a wild guess, I'd say that the keep-state setup rules added dynamically are expiring too quickly, and thus, subsequent traffic is hitting the ``deny tcp from any to any established'' rule.

I'm using ipfw v1 and 4.7-STABLE as of a few days ago.

Any thoughts?

Regards,

Trent.
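
The hypothesis in the message above, as a toy first-match model of the five posted rules. This is an added example, not part of the original post and not ipfw's code. The single idle lifetime of 100 seconds, the addresses, the ports and the final default deny are assumptions made for illustration.

```python
from dataclasses import dataclass

ME = "10.0.0.1"   # constructed address standing in for "me"
LIFETIME = 100    # assumed idle lifetime in seconds, not a value taken from ipfw

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"} or {"ACK"}

class Firewall:
    def __init__(self, lifetime=LIFETIME):
        self.lifetime = lifetime
        self.dyn = {}  # flow key -> time at which the dynamic rule expires

    @staticmethod
    def key(p):
        # A dynamic rule matches both directions of the flow.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def decide(self, p, now):
        k = self.key(p)
        exp = self.dyn.get(k)
        if exp is not None:                      # check-state
            if now < exp:
                self.dyn[k] = now + self.lifetime  # traffic refreshes the rule
                return "pass (dynamic)"
            del self.dyn[k]                      # idle too long: state is gone
        if p.flags & {"ACK", "RST"}:             # deny tcp ... established
            return "deny (established)"
        if p.src == ME:                          # pass ip from me to any
            return "pass (from me)"
        setup = "SYN" in p.flags and "ACK" not in p.flags
        if p.dst == ME and p.dport in (22, 23) and setup:  # keep-state setup
            self.dyn[k] = now + self.lifetime
            return "pass (keep-state)"
        return "deny (default)"                  # assumed default-deny final rule

def trace(idle_gap):
    """Open an ssh flow, send data at t=1, then again after idle_gap seconds."""
    fw = Firewall()
    syn = Packet("192.0.2.7", ME, 40000, 22, frozenset({"SYN"}))
    data = Packet("192.0.2.7", ME, 40000, 22, frozenset({"ACK"}))
    reply = Packet(ME, "192.0.2.7", 22, 40000, frozenset({"ACK"}))
    t = 1 + idle_gap
    return [fw.decide(syn, 0), fw.decide(data, 1),
            fw.decide(data, t), fw.decide(reply, t)]
```

In this model, once the dynamic entry has lapsed, segments in both directions carry ACK and so stop at the established rule before reaching either pass rule, which matches the stall without a reset described in the message.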