When to use setup keyword?
Roderick van Domburg
r.s.a.vandomburg at student.utwente.nl
Sat Oct 4 09:01:06 PDT 2003
Hello everyone,

I was pondering if blindly trailing every tcp rule with the 'setup' keyword
would incur any performance loss or security hazard.

I've got a server setup serving FTP, SSH, SMTP, DNS and HTTP. My rules in
question are the following:

allow tcp from any to {$ip} dst-port 21 setup
allow tcp from any to {$ip} dst-port 22 setup
allow tcp from any to {$ip} dst-port 25 setup
allow tcp from any to {$ip} dst-port 53 setup
allow tcp from any to {$ip} dst-port 80 setup

All services run just fine, but I was thinking that excluding 'setup' here
and there would make for a cleaner solution? For example, I don't think that
HTTP (even 1.1) requires the setup keyword, does it?

Regards,
Roderick