Hello, some time ago I got a second computer, installed FreeBSD 5.2 on it (full installation), and I'm on my way to making a server out of it. Basically, from the beginning I've been struggling with ipfw to make up a good ruleset.

I've enabled IPFIREWALL in the kernel. My philosophy is: if it's not in the rules, deny it. I have a very strict ruleset at the moment, only allowing connections to certain services, and all from designated ports. All other connections are denied. My problem is that this also hinders my use of the Internet from this machine. Although I have a rule that allows all connections from the server to the outside, many connections spawn a reply, i.e. if I ping an address, I must also enable icmp from the outside world to my machine to receive the reply.

My question is: can I make a rule that allows such replies to pass the packet filter, but drops the packet if it is not such a reply or a similar signal? I tried using the setup and established flags, but either I did something wrong or it just didn't work out that way.

-- Tomi

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
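The mechanism the post is looking for is ipfw's dynamic (stateful) rules: a rule with `keep-state` records the session when the host sends the first packet, and a `check-state` rule placed early in the ruleset then admits the matching replies, so no standing "allow icmp/tcp from any to me" rule is needed. The script below is an added example written for this thread, not the poster's ruleset or anything from the FreeBSD rc.firewall; it assumes a single external interface named `fxp0` and that sshd is the only service offered to the outside (both constructed assumptions, adjust to taste). The `deny log` rule needs IPFIREWALL_VERBOSE in the kernel.

```shell
#!/bin/sh
# Added example, not from the original post: a default-deny ipfw ruleset
# that lets this host originate connections and receive only the replies
# to them, using ipfw's dynamic rules (check-state / keep-state).
# Assumptions (constructed): external interface fxp0, sshd on port 22.

ext_if="fxp0"

ipfw_rules() {
    # $1 is the command each rule is fed to; pass "echo" for a dry run
    fw="${1:-/sbin/ipfw -q}"

    $fw -f flush

    # loopback is trusted; anything claiming to be 127/8 elsewhere is dropped
    $fw add 100 allow ip from any to any via lo0
    $fw add 110 deny ip from any to 127.0.0.0/8
    $fw add 120 deny ip from 127.0.0.0/8 to any

    # consult the dynamic rule table first: a packet belonging to a session
    # created by one of the keep-state rules below is accepted here
    $fw add 200 check-state

    # connections this host originates; keep-state creates the dynamic entry
    # that check-state later matches for the return traffic (including the
    # ICMP echo reply to a ping, which is why no inbound icmp rule is needed)
    $fw add 300 allow tcp from me to any out via $ext_if setup keep-state
    $fw add 310 allow udp from me to any out via $ext_if keep-state
    $fw add 320 allow icmp from me to any out via $ext_if icmptypes 8 keep-state

    # services offered to the outside: setup restricts this to the SYN that
    # opens the connection, the dynamic entry then carries the rest of it
    $fw add 400 allow tcp from any to me 22 in via $ext_if setup keep-state

    # ICMP the stack needs even without a matching session: destination
    # unreachable (3, carries path-MTU information) and time exceeded (11)
    $fw add 500 allow icmp from any to me in via $ext_if icmptypes 3,11

    # everything else is dropped and logged
    $fw add 65000 deny log ip from any to any
}

# run with no argument to load the rules, or "echo" to preview them
ipfw_rules "$@"
```

Two points worth knowing about this layout: if the ruleset has no `check-state` at all, ipfw consults the dynamic table at the first `keep-state` rule it reaches, so an explicit `check-state` near the top mostly makes the ordering obvious and keeps the reply path short; and dynamic entries expire (see the `net.inet.ip.fw.dyn_*_lifetime` sysctls), so long-idle UDP "sessions" will need a fresh outbound packet before replies are accepted again.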