ipfw lost its mind?
Chuck Swiger
cswiger at mac.com
Thu Mar 3 10:48:17 PST 2005
Paul Schmehl wrote:
[ ... ]
> So, I removed rule 00001 and created a new one like this:
> ipfw add 00050 allow ip from {my workstation at work} to any.
>
> I then ssh'd to my workstation and attempted to ssh back to the server.
> No go. Yet ipfw show shows an increased packet count on the counter for
> that rule. So, it's seeing the packets, but they're being delayed somehow.
>
> Why the allow ip from any to any works, but allow ip from my workstation
> to any doesn't is a complete mystery to me.
TCP connections are bidirectional, therefore you need to add rules which allow
traffic from all back to your workstation, or else use keep-state and
check-state to use dynamic rules....
--
-Chuck
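
Added example, not part of the original message: a small Python model of ipfw's first-match evaluation, showing why the counter on rule 00050 increases while the server's replies are dropped, and how check-state/keep-state lets them through. The addresses, the default deny at rule 65535, and a dynamic rule keyed on the address pair only are assumptions made for illustration.

```python
from dataclasses import dataclass, field

WS, SRV = "192.0.2.10", "198.51.100.5"   # constructed addresses (assumption)

@dataclass
class Rule:
    num: int
    action: str                 # "allow", "deny" or "check-state"
    src: str = "any"
    dst: str = "any"
    keep_state: bool = False
    hits: int = 0               # packet counter, as printed by `ipfw show`

@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)   # dynamic rules made by keep-state

    def filter(self, src, dst):
        """Return the action for one packet; the first matching rule wins."""
        flow = frozenset((src, dst))   # simplified: a dynamic rule matches both directions
        for r in sorted(self.rules, key=lambda r: r.num):
            if r.action == "check-state":
                if flow in self.states:
                    r.hits += 1
                    return "allow"
                continue
            if r.src in ("any", src) and r.dst in ("any", dst):
                r.hits += 1
                if r.keep_state:
                    self.states.add(flow)
                return r.action
        return "deny"

def stateless_ruleset():
    # ipfw add 00050 allow ip from WS to any   (default rule 65535 deny is assumed)
    return Firewall([Rule(50, "allow", src=WS), Rule(65535, "deny")])

def stateful_ruleset():
    # ipfw add 00040 check-state
    # ipfw add 00050 allow ip from WS to any keep-state
    return Firewall([Rule(40, "check-state"),
                     Rule(50, "allow", src=WS, keep_state=True), Rule(65535, "deny")])

def exchange(fw):
    """Inbound packet from the workstation, the server's reply, the next inbound packet."""
    return [fw.filter(WS, SRV), fw.filter(SRV, WS), fw.filter(WS, SRV)]

if __name__ == "__main__":
    for name, fw in (("stateless", stateless_ruleset()), ("stateful", stateful_ruleset())):
        print(name, exchange(fw), "rule 50 hits:", fw.rules[-2].hits)
```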