IPFW equivalent of iptables --state ESTABLISHED, RELATED
Eric F Crist
ecrist at secure-computing.net
Sun Oct 23 07:05:01 PDT 2005
On Oct 22, 2005, at 11:53 PM, John Do wrote:
> Hi guys
>
> I'm having trouble with IPFW. I need to allow user-initiated
> traffic IN but I can't.
>
> Basically, in iptables for Linux I would have used
> something like
> -A INPUT -p tcp -m tcp --state ESTABLISHED,RELATED -j ACCEPT
>
>
> Can someone help me discover what the equivalent
> syntax in IPFW would be?
>
> I have tried to use "allow tcp from any to any established in"
> but it doesn't work.
>
> Much appreciated,
>
> thanks guys!
I'm not quite sure what you're trying to accomplish. If you just
want traffic enabled so that when users are browsing the web they get
the replies from their requests, that rule is written as:
ipfw add ### allow ip from any to any established
The rule won't allow new traffic in or out without other rules
enabling it. An example ruleset could look like this:
ipfw add 100 allow ip from me to any
ipfw add 200 allow ip from 192.168.1.0/24 to any out via dc0
ipfw add 300 allow ip from any to any established
ipfw add 400 deny ip from 192.168.1.0/24 to me in via dc0
ipfw add 500 allow ip from any to any via sk0
In this example, I'm assuming your FreeBSD machine is the network
gateway. NIC dc0 is the outside NIC and sk0 is the internal one.
HTH
_______________________________________________________
Eric F Crist
Secure Computing Networks
"I am so smart, S.M.R.T!" -Homer J Simpson
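Added example, not part of the reply above. ipfw's `established` keyword matches any TCP packet that has the ACK or RST flag set; it checks flags, not connection state, so a crafted packet with ACK set passes it without any prior connection. The closer equivalent of iptables' conntrack-based `ESTABLISHED` is ipfw's dynamic rule mechanism: `keep-state` records a flow when a permitted packet starts it, and `check-state` accepts later packets of that flow in either direction. (`RELATED`, which on Linux covers helper-tracked secondary connections such as active FTP data, has no counterpart in plain ipfw; each dynamic rule tracks a single flow.) The script below rebuilds the reply's gateway ruleset in that stateful style, in the shape of FreeBSD's rc.firewall. The interface names dc0/sk0 and the inside network 192.168.1.0/24 are taken from the reply; the function name `emit_ruleset` and the `IPFW` variable are this example's own.

```sh
#!/bin/sh
# Stateful ipfw ruleset for a FreeBSD gateway (added example, not the
# reply's own code). dc0 is the outside NIC, sk0 the inside NIC, and
# 192.168.1.0/24 the inside network, as assumed in the reply.

oif="dc0"                 # outside interface (assumed)
iif="sk0"                 # inside interface (assumed)
inet="192.168.1.0/24"     # inside network (assumed)

# emit_ruleset CMD: feed every rule to CMD. CMD is "ipfw" to load the
# rules on the gateway (needs root) or "echo" to preview them anywhere.
emit_ruleset() {
    fw="$1"
    $fw -f flush
    # 1. Stateful matching first: packets belonging to a flow recorded by a
    #    keep-state rule below are accepted here, in either direction, on
    #    any interface. This is the ESTABLISHED equivalent.
    $fw add 100 check-state
    # 2. Loopback housekeeping.
    $fw add 200 allow ip from any to any via lo0
    $fw add 210 deny ip from any to 127.0.0.0/8
    # 3. Anti-spoofing: inside addresses must never arrive on the outside NIC
    #    (same intent as the reply's rule 400, placed before any allow).
    $fw add 300 deny ip from "$inet" to any in via "$oif"
    # 4. Connections the gateway itself opens. "setup" matches only the SYN of
    #    a new TCP connection; "keep-state" records the flow so check-state
    #    passes the rest of it, including the replies coming back in.
    $fw add 400 allow tcp from me to any setup keep-state
    $fw add 410 allow udp from me to any keep-state
    $fw add 420 allow icmp from me to any icmptypes 8 keep-state
    # 5. Connections inside hosts open through the gateway. The packet is
    #    admitted on the inside NIC by rule 600, then recorded here as it
    #    leaves on the outside NIC.
    $fw add 500 allow tcp from "$inet" to any out via "$oif" setup keep-state
    $fw add 510 allow udp from "$inet" to any out via "$oif" keep-state
    # 6. Traffic on the inside NIC is trusted, as in the reply's rule 500.
    $fw add 600 allow ip from any to any via "$iif"
    # 7. Nothing else gets in or out; log it so probes are visible. A packet
    #    with only ACK set and no recorded flow ends here rather than being
    #    let through by a flag check.
    $fw add 65000 deny log ip from any to any
}

# Default is a preview (echo). To load for real: IPFW=ipfw sh thisscript.sh
emit_ruleset "${IPFW:-echo}"
```

Run it once with the default to read the rules, then with `IPFW=ipfw` on the gateway; `ipfw -d list` afterwards shows the dynamic entries that `keep-state` has created for live flows.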