ipfw lost its mind?
Paul Schmehl
pauls at utdallas.edu
Thu Mar 3 11:38:39 PST 2005
--On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger
<cswiger at mac.com> wrote:
>
> TCP connections are bidirectional, therefore you need to add rules which
> allow traffic from all back to your workstation, or else use keep-state
> and check-state to use dynamic rules....
The firewall script already had a rule for that:
allow ip from {server} to any
The problem wasn't that the firewall was *stopping* legitimate packets. It
was just *slowing them down* like crazy. Very weird.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
More information about the freebsd-questions
mailing list