author | brueffer <brueffer@FreeBSD.org> | 2003-02-04 01:33:25 +0000 |
---|---|---|
committer | brueffer <brueffer@FreeBSD.org> | 2003-02-04 01:33:25 +0000 |
commit | cbd85a777d713a4108df2835eb5a1ef0027f0433 (patch) | |
tree | 8f93bae6f39941d885294bd253c4cc001f69dc83 /sbin | |
parent | f2d3e8e22c98806ae4a9cc529bc7cab78301faab (diff) | |
Correct examples for stateful inspection
PR: 47817
Submitted by: Simon L.Nielsen <simon@nitro.dk>
Reviewed by: ceri, luigi
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 34e5012..6744ab4 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session will be allowed through the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow tcp from my-subnet to any setup" +.Dl "ipfw add allow tcp from my-subnet to any setup keep-state" .Dl "ipfw add deny tcp from any to any" .Pp A similar approach can be used for UDP, where an UDP packet coming @@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through the firewall: .Pp .Dl "ipfw add check-state" -.Dl "ipfw add allow udp from my-subnet to any" +.Dl "ipfw add allow udp from my-subnet to any keep-state" .Dl "ipfw add deny udp from any to any" .Pp Dynamic rules expire after some time, which depends on the status |
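Review bot: In the first hunk (@@ -1212), the corrected TCP rule now combines `setup` with `keep-state`, but the paragraph around it does not spell out how the three rules divide the work. `setup` matches only the opening SYN, so that is the one packet the `allow` rule passes; every later packet of the session, in either direction, is passed by the dynamic rule when it reaches `check-state`, and anything else falls through to `deny tcp from any to any`. A sentence to that effect after the example would make it clear why the missing `keep-state` left the old example without any dynamic rule to check.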
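Review bot: In the second hunk (@@ -1220), the unchanged context line above the UDP example reads "where an UDP packet coming"; since this change already touches the paragraph, fix it to "a UDP packet" in the same commit. The added `keep-state` on `allow udp from my-subnet to any` matches what that sentence promises (a dynamic rule that lets the response through). The commit message could also say in one line that the old examples installed no dynamic rule, so readers of the log do not have to open PR 47817 to see what was wrong.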