ipfw lost its mind?
Subhro
subhro.kar at gmail.com
Thu Mar 3 11:51:23 PST 2005
Do you block UDP?
I am asking this because, I *used* do a block on all UDP except the DNS port
and had exactly the same problem.
Regards
S.
Indian Institute of Information Technology
Subhro Sankha Kar
Block AQ-13/1, Sector V
Salt Lake City
PIN 700091
India
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-
> questions at freebsd.org] On Behalf Of Paul Schmehl
> Sent: Friday, March 04, 2005 1:09
> To: FreeBSD questions
> Subject: Re: ipfw lost its mind?
>
> --On Thursday, March 03, 2005 01:48:16 PM -0500 Chuck Swiger
> <cswiger at mac.com> wrote:
> >
> > TCP connections are bidirectional, therefore you need to add rules which
> > allow traffic from all back to your workstation, or else use keep-state
> > and check-state to use dynamic rules....
>
> The firewall script already had a rule for that:
> allow ip from {server} to any
>
> The problem wasn't that the firewall was *stopping* legitimate packets.
> It
> was just *slowing them down* like crazy. Very weird.
>
> Paul Schmehl (pauls at utdallas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3677 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050304/057be4b7/smime.bin
More information about the freebsd-questions
mailing list