ipfw fwd and ipfw allow

Victor Sudakov sudakov at sibptus.tomsk.ru
Fri Sep 10 12:55:44 UTC 2010

Nikos Vassiliadis wrote:
> >A packet generated locally 1) should be forwarded by a 'fwd'
> >rule and 2) should create a dynamic 'allow' rule  for returning
> >traffic. Could you please suggest a ruleset for this.
> The fw has the IP address.
> The IP address belongs to another computer running a TCP
> service at 9999.
> The IPFW rules:
> >fw# ipfw list
> >00100 fwd tcp from any to dst-port 9999 keep-state
> >00200 deny ip from any to any
> >65535 allow ip from any to any

It seems that the 'fwd ... keep-state' statement does create a useful
dynamic rule. It contradicts the ipfw(8) man page but works. Thank you
for enlightenment.

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
