Hi Freddie Cash!

On Wed, 19 Mar 2008 13:55:53 -0700; Freddie Cash wrote about 'Re: "established" on { tcp or udp } rules':

> ipfw add allow { tcp or udp } from me to any 53 out xmit fxp0
> ipfw add allow { tcp or udp } from any 53 to me in recv fxp0
> established

>> as for the question of whether UDP ... established evaluates to true
>> or false, I would guess false but you'll have to test.

> See my follow-up e-mail. It appears that UDP packets don't match due to
> the established keyword.

> It appears that:
> ipfw add allow tcp from any to me in recv fxp0 established
> and
> ipfw add allow { tcp or udp } from any to me in recv fxp0 established
> are functionally the same. Perhaps a warning should be emitted when one
> tries to add the rule?

> Hrm, it seems something is different with ipfw on 6.3. One can add:
> ipfw add allow udp from any to any established
> without any errors or warnings, but it will never match any packets. I'm
> sure back in the 4.x days when I started using ipfw that it would error
> out with something along the lines of "TCP options can't be used with UDP
> rules".

This is the behaviour of ipfw2 - options are independently ANDed. Thus, the man page explicitly says:

     established
             Matches TCP packets that have the RST or ACK bits set.

So, it is obvious that a UDP packet will not match and thus the entire rule will not match.

--
WBR, Vadim Goncharov. ICQ#166852181
mailto:[EMAIL PROTECTED]
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
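The AND semantics described in the reply above, as an added example that is not part of the original message and not ipfw's own code: a toy Python model that evaluates the three rules from the thread against constructed packets and flags protocols a rule can never match. The `Packet`, `Rule`, `lint` and `verdicts` names and the sample packets are assumptions made for illustration.

```python
# Added illustration: a toy model of ipfw2 rule matching, not ipfw source code.
from dataclasses import dataclass

TCP_ONLY_OPTIONS = {"established"}  # options that can only be true for TCP

@dataclass(frozen=True)
class Packet:                        # constructed sample packet, header fields only
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags; always empty for UDP

@dataclass(frozen=True)
class Rule:
    protos: frozenset                # the { tcp or udp } or-block
    options: tuple = ()              # each option is evaluated on its own, then ANDed

def option_matches(opt, pkt):
    if opt == "established":
        # Man page: "Matches TCP packets that have the RST or ACK bits set."
        return pkt.proto == "tcp" and bool(pkt.flags & {"rst", "ack"})
    raise ValueError(f"option not modelled: {opt}")

def rule_matches(rule, pkt):
    # Protocol block AND every option: one false option fails the whole rule.
    return pkt.proto in rule.protos and all(option_matches(o, pkt) for o in rule.options)

def lint(rule):
    """Return the protocols in the or-block that the rule can never match."""
    if TCP_ONLY_OPTIONS & set(rule.options):
        return sorted(rule.protos - {"tcp"})
    return []

SAMPLE_PACKETS = [                   # constructed for this example
    Packet("tcp", frozenset({"syn"})),
    Packet("tcp", frozenset({"syn", "ack"})),
    Packet("tcp", frozenset({"ack"})),
    Packet("tcp", frozenset({"rst"})),
    Packet("udp"),
]

TCP_EST = Rule(frozenset({"tcp"}), ("established",))
TCP_UDP_EST = Rule(frozenset({"tcp", "udp"}), ("established",))
UDP_EST = Rule(frozenset({"udp"}), ("established",))

def verdicts(rule):
    return [rule_matches(rule, p) for p in SAMPLE_PACKETS]

if __name__ == "__main__":
    for name, rule in [("tcp", TCP_EST), ("{ tcp or udp }", TCP_UDP_EST), ("udp", UDP_EST)]:
        print(f"{name:15} established -> {verdicts(rule)}  never matches: {lint(rule)}")
```

The `lint` helper is the kind of check the quoted message asks for: it reports `udp` for both the `{ tcp or udp }` rule and the `udp` rule, which a ruleset review can use to catch rules that silently never match.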