ipfw setup and keep-state - BSD

This is a discussion on ipfw setup and keep-state - BSD ; Hello I have rules: ${fwcmd} add check-state .......... ${fwcmd} add pass all from 192.168.0.0/16 to any setup keep-state #ipfw show (only part) 00800 0 0 check-state 02800 66541052 38936418331 allow ip from 192.168.0.0/16 to any keep-state The question is: i ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: ipfw setup and keep-state

  1. ipfw setup and keep-state

    Hello

    I have rules:

    ${fwcmd} add check-state
    ..........
    ${fwcmd} add pass all from 192.168.0.0/16 to any setup keep-state

    #ipfw show (only part)
    00800 0 0 check-state
    02800 66541052 38936418331 allow ip from 192.168.0.0/16 to any keep-state

    The question is: i accept all outgoing traffic from my internal networks
    to internet and mark to keep-state.
    Why in rule 800 i have 0 matches ? Why keep-state is not working ?

    Thanx

  2. Re: ipfw setup and keep-state

    vertigo:

    > #ipfw show (only part)
    > 00800 0 0 check-state
    > 02800 66541052 38936418331 allow ip from 192.168.0.0/16 to any keep-state
    >
    > The question is: i accept all outgoing traffic from my internal networks
    > to internet and mark to keep-state.
    > Why in rule 800 i have 0 matches ? Why keep-state is not working ?


    Keep-state adds a dynamic rule with a limited life-time.
    May be "ipfw show -d" shows some marches on the dynamic rule, i'don't
    remember (i use pf or ipfilter).

+ Reply to Thread