upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 16:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Correct examples for stateful inspection

Browse source 
PR:		47817
Submitted by:	Simon L.Nielsen <simon@nitro.dk>
Reviewed by:	ceri, luigi
This commit is contained in:
Christian Brueffer 2003-02-04 01:33:25 +00:00
parent 1413f7de53
commit 16b3d3546d
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sbin/ipfw/ipfw.8
View file

@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session
will be allowed through the firewall:
.Pp
.Dl "ipfw add check-state"
.Dl "ipfw add allow tcp from my-subnet to any setup"
.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
.Dl "ipfw add deny tcp from any to any"
.Pp
A similar approach can be used for UDP, where an UDP packet coming
@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through
the firewall:
.Pp
.Dl "ipfw add check-state"
.Dl "ipfw add allow udp from my-subnet to any"
.Dl "ipfw add allow udp from my-subnet to any keep-state"
.Dl "ipfw add deny udp from any to any"
.Pp
Dynamic rules expire after some time, which depends on the status