Correct examples for stateful inspection
PR: 47817 Submitted by: Simon L.Nielsen <simon@nitro.dk> Reviewed by: ceri, luigi
This commit is contained in:
parent
1413f7de53
commit
16b3d3546d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=110304
@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session
|
|||||||
will be allowed through the firewall:
|
will be allowed through the firewall:
|
||||||
.Pp
|
.Pp
|
||||||
.Dl "ipfw add check-state"
|
.Dl "ipfw add check-state"
|
||||||
.Dl "ipfw add allow tcp from my-subnet to any setup"
|
.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
|
||||||
.Dl "ipfw add deny tcp from any to any"
|
.Dl "ipfw add deny tcp from any to any"
|
||||||
.Pp
|
.Pp
|
||||||
A similar approach can be used for UDP, where an UDP packet coming
|
A similar approach can be used for UDP, where an UDP packet coming
|
||||||
@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through
|
|||||||
the firewall:
|
the firewall:
|
||||||
.Pp
|
.Pp
|
||||||
.Dl "ipfw add check-state"
|
.Dl "ipfw add check-state"
|
||||||
.Dl "ipfw add allow udp from my-subnet to any"
|
.Dl "ipfw add allow udp from my-subnet to any keep-state"
|
||||||
.Dl "ipfw add deny udp from any to any"
|
.Dl "ipfw add deny udp from any to any"
|
||||||
.Pp
|
.Pp
|
||||||
Dynamic rules expire after some time, which depends on the status
|
Dynamic rules expire after some time, which depends on the status
|
||||||
|
Loading…
Reference in New Issue
Block a user