ipfw and dynamic rulesets
Mike Ragusa
mragusa at gmail.com
Wed Jul 16 20:39:35 UTC 2008
I am using fwknop 1.9.5 and FreeBSD 7-stable with ipfw compiled into the
kernel. I am currently unable to get ipfw to update the dynamic rulesets
after I knock on the firewall and open up the ssh port.
My ruleset is as follows:

ipfw add 010 allow from any to any via lo0
ipfw add 200 check-state
ipfw add 203 allow all from any to any out keep-state setup

00010 allow ip from any to any via lo0
00200 check-state
00203 allow ip from any to any out setup keep-state
65535 deny ip from any to any

fwknop uses rule 201 to add to the firewall and adds the rule:

00201 allow tcp from 156.132.40.212 to any dst-port 22 keep-state

When I run ipfw list or ipfw show, I see my ruleset but I do not see the
dynamic rules, which causes the connection to die once fwknopd reaches
its 30-second timeout because nothing has been added to the state
table/dynamic ruleset.
Suggestions are welcome :)
Thank You,
Mike