Fwd: Re: Fwd: Re: explanation and code for stream.c issues

From: Tim Yardley (yardleyat_private)
Date: Fri Jan 21 2000 - 16:52:54 PST


    The rulesets that were suggested by Darren Reed forgot to include the
    outgoing connections.
    
    These are the updated rulesets...
    
    block in quick proto tcp from any to any head 100
    pass in quick proto tcp from any to any flags S keep state group 100
    pass out proto tcp from any to any flags S keep state
    pass in all
    
    Brian Kraemer <kraemerat_private> pointed this out with the
    following paragraph:
    
    :: FYI this ruleset (with no other rules applied) will also effectively block
    :: any outgoing TCP sessions initiated from this machine. The machine will
    :: send a SYN, and then get blocked because the input rules never saw an
    :: incoming SYN to start keeping state. Thus, the ruleset should be revised.
    
    /tmy
    
    
    -- Diving into infinity my consciousness expands in inverse
        proportion to my distance from singularity
    
    +--------  -------  ------  -----  ---- --- -- ------ --------+
    |  Tim Yardley (yardleyat_private)	
    |  http://www.students.uiuc.edu/~yardley/
    +--------  -------  ------  -----  ---- --- -- ------ --------+
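The following is an added illustration, not code from the thread or from ipfilter: a small Python model of the ipf(5) semantics the message relies on (`keep state` checked before the rule list, `quick`, `head`/`group`, last-match-wins otherwise) run over two rulesets. The "inbound-only" ruleset is reconstructed from the description in the message (the updated rules minus the `pass out ... keep state` line); the addresses, ports and flag strings are constructed sample values, and address matching beyond `any` is not modelled.

```python
"""Toy model of ipfilter 'keep state' / 'quick' / 'head' / 'group' evaluation.
Added example for the thread above; not ipfilter code. Simplified: no address
matching, no TCP sequence tracking, a 'flags S' rule matches a segment whose
only set flag is SYN."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str              # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""         # TCP flags that are set, e.g. "S", "SA", "A"

@dataclass
class Rule:
    action: str                     # "pass" or "block"
    direction: str                  # "in" or "out"
    quick: bool = False
    proto: Optional[str] = None     # None matches any protocol
    flags: Optional[str] = None     # None matches any flags
    keep_state: bool = False
    head: Optional[int] = None      # this rule opens a rule group
    group: Optional[int] = None     # this rule belongs to a group

def parse_rule(line: str) -> Rule:
    """Parse the subset of ipf(5) syntax used in the thread ('from any to any')."""
    tok = line.split()
    rule = Rule(action=tok[0], direction=tok[1])
    i = 2
    while i < len(tok):
        t = tok[i]
        if t == "quick":
            rule.quick = True
        elif t == "proto":
            rule.proto = tok[i + 1]; i += 1
        elif t == "from":            # skip "any to any"; addresses are not modelled
            i += 3
        elif t == "flags":
            rule.flags = tok[i + 1]; i += 1
        elif t == "keep":            # "keep state"
            rule.keep_state = True; i += 1
        elif t == "head":
            rule.head = int(tok[i + 1]); i += 1
        elif t == "group":
            rule.group = int(tok[i + 1]); i += 1
        elif t != "all":
            raise ValueError(f"unsupported token {t!r} in {line!r}")
        i += 1
    return rule

class Filter:
    def __init__(self, ruleset: str):
        self.rules = [parse_rule(l) for l in ruleset.strip().splitlines() if l.strip()]
        self.state = set()           # entries: (proto, frozenset of the two endpoints)

    @staticmethod
    def _key(p: Packet):
        return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

    def _matches(self, r: Rule, p: Packet) -> bool:
        if r.direction != p.direction:
            return False
        if r.proto is not None and r.proto != p.proto:
            return False
        if r.flags is not None and set(r.flags) != set(p.flags):
            return False
        return True

    def _walk(self, rules, p: Packet) -> Optional[Rule]:
        """Last matching rule wins unless 'quick'; a matching 'head' rule hands
        evaluation to its group, and a group match overrides the head's action."""
        verdict = None
        for r in rules:
            if not self._matches(r, p):
                continue
            verdict = r
            if r.head is not None:
                sub = self._walk([g for g in self.rules if g.group == r.head], p)
                if sub is not None:
                    verdict = sub
            if r.quick or verdict.quick:
                break
        return verdict

    def filter(self, p: Packet) -> str:
        """Return 'pass' or 'block' and update the state table."""
        if self._key(p) in self.state:          # state is consulted before the rules
            return "pass"
        r = self._walk([r for r in self.rules if r.group is None], p)
        if r is None:                            # ipf default when no rule matches
            return "pass"
        if r.action == "pass" and r.keep_state:
            self.state.add(self._key(p))
        return r.action

# Constructed rulesets: INBOUND_ONLY reconstructs the set that blocked outgoing
# connections; UPDATED is the corrected set posted in the message.
INBOUND_ONLY = """
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all
"""
UPDATED = """
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass out proto tcp from any to any flags S keep state
pass in all
"""

def outgoing_connection(ruleset: str) -> list:
    """Verdicts for our SYN going out and the peer's SYN-ACK coming back."""
    fw = Filter(ruleset)
    syn = Packet("out", "tcp", "10.0.0.1", 40000, "192.0.2.10", 80, "S")
    synack = Packet("in", "tcp", "192.0.2.10", 80, "10.0.0.1", 40000, "SA")
    return [fw.filter(syn), fw.filter(synack)]

def incoming_connection(ruleset: str) -> list:
    """Verdicts for a peer's SYN coming in and our SYN-ACK going out."""
    fw = Filter(ruleset)
    syn = Packet("in", "tcp", "192.0.2.10", 50000, "10.0.0.1", 22, "S")
    synack = Packet("out", "tcp", "10.0.0.1", 22, "192.0.2.10", 50000, "SA")
    return [fw.filter(syn), fw.filter(synack)]

def unsolicited_ack(ruleset: str) -> str:
    """An inbound ACK that belongs to no tracked connection."""
    fw = Filter(ruleset)
    return fw.filter(Packet("in", "tcp", "192.0.2.10", 50001, "10.0.0.1", 22, "A"))

if __name__ == "__main__":
    print("outgoing, inbound-only rules:", outgoing_connection(INBOUND_ONLY))
    print("outgoing, updated rules:     ", outgoing_connection(UPDATED))
    print("incoming, updated rules:     ", incoming_connection(UPDATED))
    print("stray ACK, updated rules:    ", unsolicited_ack(UPDATED))
```

With the inbound-only rules the outbound SYN passes by default but creates no state, so the returning SYN-ACK (flags SA, not S) falls through group 100 to the quick `block in` head rule, which is the failure Brian Kraemer describes. With the `pass out ... keep state` line the SYN creates a state entry that the SYN-ACK matches before any rule is consulted. In both rulesets an inbound segment that is neither a bare SYN nor part of tracked state is blocked.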
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:30:22 PDT