Correct examples for stateful inspection
PR: 47817 Submitted by: Simon L.Nielsen <simon@nitro.dk> Reviewed by: ceri, luigi
This commit is contained in:
parent
1413f7de53
commit
16b3d3546d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=110304
@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session
|
||||
will be allowed through the firewall:
|
||||
.Pp
|
||||
.Dl "ipfw add check-state"
|
||||
.Dl "ipfw add allow tcp from my-subnet to any setup"
|
||||
.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
|
||||
.Dl "ipfw add deny tcp from any to any"
|
||||
.Pp
|
||||
A similar approach can be used for UDP, where an UDP packet coming
|
||||
@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through
|
||||
the firewall:
|
||||
.Pp
|
||||
.Dl "ipfw add check-state"
|
||||
.Dl "ipfw add allow udp from my-subnet to any"
|
||||
.Dl "ipfw add allow udp from my-subnet to any keep-state"
|
||||
.Dl "ipfw add deny udp from any to any"
|
||||
.Pp
|
||||
Dynamic rules expire after some time, which depends on the status
|
||||
|
Loading…
Reference in New Issue
Block a user