Subject: log with dynamic firewall rules
From: Stephen Montgomery-Smith (stephen math.missouri.edu)
Date: Tue Jul 25 2000 - 18:09:25 CDT
- Next message: Mike Hoskins: "Re: Problems with natd and simple firewall"
- Previous message: Mike Hoskins: "Re: Problems with natd and simple firewall"
- Next in thread: Andrew Johns: "Re: log with dynamic firewall rules"
- Reply: Andrew Johns: "Re: log with dynamic firewall rules"
- Reply: Stephen Montgomery-Smith: "Re: log with dynamic firewall rules"
I would like to set up a firewall with dynamic rules to allow
ssh from the outside. I would like these incoming ssh's logged.
So I tried something like:
ipfw add pass log tcp from any to my.computer.net 22 keep-state setup
Now it would make sense to me that this would log the initial setup,
but that the following times that the then created dynamic rule is
invoked would not be logged.
However that is not the case. All the tcp packets between the
established connection are logged.
I know that I could have some rules:
add pass tcp from any to any in via ${oif} established
add pass all from any to any frag
before this one, but doesn't that defeat part of the point of
dynamic rules?
--
Stephen Montgomery-Smith
Department of Mathematics, University of Missouri, Columbia, MO 65211
Phone 573-882-4540, fax 573-882-1869
http://www.math.missouri.edu/~stephen
stephenmath.missouri.edu