I am fairly new to IPFW and I have a question regarding the stateful part of it. Now I may just be misunderstanding this, so set me straight if I am.

From what I understand, when you add a check-state rule and then follow it with a keep-state rule, if a packet destined for that port is new and "setup" was not added to the keep-state rule, then wouldn't it get denied at the check-state rule, since keep-state did not add a dynamic rule?

My problem is this, and again this may not even be correct, but I have a BSD box that is simply providing me SSH capabilities. Here are the rules for it:

    add check-state
    add allow all from any to any 22 in via fxp0 keep-state

then the default-to-deny rule. Now, is there a way to allow setup connections but disallow port scanners like nmap from seeing it as being open?

Thanks for any help.