ipfw fwd and ipfw allow

Victor Sudakov sudakov at sibptus.tomsk.ru
Fri Sep 10 12:55:44 UTC 2010


Nikos Vassiliadis wrote:
> >A packet generated locally 1) should be forwarded by a 'fwd'
> >rule and 2) should create a dynamic 'allow' rule for returning
> >traffic. Could you please suggest a ruleset for this.
> 
> The fw has the 10.0.0.1 IP address.
> The 10.0.0.100 IP address belongs to another computer running a TCP
> service at 9999.
> 
> The IPFW rules:
> >fw# ipfw list
> >00100 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port 9999 keep-state
> >00200 deny ip from any to any
> >65535 allow ip from any to any

It seems that the 'fwd ... keep-state' statement does create a useful
dynamic rule. It contradicts the ipfw(8) man page but works. Thank you
for enlightenment.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

