[3832] in linux-net channel archive


ipfwadm and TCP SYN/ACK bits

daemon@ATHENA.MIT.EDU (Colin 'Nonspecialist' Panisset)
Wed Jul 24 09:56:59 1996

From: "Colin 'Nonspecialist' Panisset" <cmp@intercruiser.com.au>
To: linux-net@vger.rutgers.edu
Date: Tue, 23 Jul 1996 20:31:01 +1000 (EST)


I'm trying to use ipfwadm 1.2 to set up a box as a simple packet filtering
firewall. I'm using kernel 1.2.13 (with NET3.019 TCP code).

It doesn't *seem* that I can set up the following rules in the blocking or
forwarding firewall chains:

  reject all incoming packets (default)
  accept TCP from anywhere to my subnet, ports (...)
  accept UDP from anywhere to my subnet, ports (...)
  accept ICMP
  * accept TCP from my subnet to anywhere with SYN set and ACK cleared
    (initiate a TCP connection)
  * accept TCP from anywhere to my subnet with ACK set
    (packets in response to connection set up above)

The final two rules are the bits I'm having trouble with. The manpage
states that I can do the first one with the '-y' flag, but I don't see how
I can allow packets for a continuing connection back in.

Help?

  -- Colin.
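The following is an added illustration, not part of the original message and not ipfwadm code. It models the inbound half of the ruleset above as a first-match-wins chain, the way a stateless packet filter evaluates it. The point it makes explicit is the usual stateless answer to the last rule: since the filter cannot know which connections exist, it refuses anything that looks like a new inbound initiation (the SYN-set, ACK-cleared test the message attributes to '-y') and then lets the remaining TCP through, which is exactly the reply traffic (SYN/ACK, ACK) of connections opened from inside. The protected subnet 10.0.0.0/24, the outside host 192.0.2.10, the port lists and all helper names are assumptions made for the example. One caveat the sample decisions show: the final accept also admits TCP packets with ACK set that belong to no connection at all (an ACK-only probe to a closed port), which is inherent to filtering on flags without connection state.

```python
"""Stateless TCP-flag filtering modelled on the inbound rules in the message above.

Added example: subnet, ports and names below are assumptions, not from the post
or from ipfwadm itself.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# TCP flag bits as they appear in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

MY_SUBNET = "10.0.0."          # assumption: the protected /24
ALLOWED_TCP_PORTS = {25, 80}   # assumption: inbound TCP services we publish
ALLOWED_UDP_PORTS = {53}       # assumption: inbound UDP services we publish
DEFAULT_POLICY = "deny"        # "reject all incoming packets (default)"


@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0      # TCP/UDP destination port
    flags: int = 0      # TCP flag byte


def inside(ip: str) -> bool:
    """True if the address is in the protected subnet."""
    return ip.startswith(MY_SUBNET)


def syn_only(flags: int) -> bool:
    """The -y test as the message describes it: SYN set and ACK cleared."""
    return bool(flags & SYN) and not (flags & ACK)


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header (no options) used for the samples."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def parse_tcp(src: str, dst: str, segment: bytes) -> Packet:
    """Pull destination port and flag byte out of a raw TCP header."""
    _sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHIIBB", segment[:14])
    return Packet("tcp", src, dst, dport, flags)


@dataclass
class Rule:
    action: str                        # "accept" or "deny"
    proto: Optional[str] = None        # None matches any protocol
    dst_inside: Optional[bool] = None  # None: any destination
    ports: Optional[set] = None        # destination ports (TCP/UDP); None: any
    y: bool = False                    # require the SYN-only (-y) test to pass

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dst_inside is not None and inside(p.dst) != self.dst_inside:
            return False
        if self.ports is not None and p.dport not in self.ports:
            return False
        if self.y and not (p.proto == "tcp" and syn_only(p.flags)):
            return False
        return True


# Inbound chain, first match wins. The last two rules stand in for
# "accept TCP from anywhere to my subnet with ACK set": deny new inbound
# initiations (-y), then accept whatever TCP is left, i.e. replies.
INBOUND_RULES = [
    Rule("accept", "tcp", dst_inside=True, ports=ALLOWED_TCP_PORTS),
    Rule("accept", "udp", dst_inside=True, ports=ALLOWED_UDP_PORTS),
    Rule("accept", "icmp"),
    Rule("deny", "tcp", dst_inside=True, y=True),
    Rule("accept", "tcp", dst_inside=True),
]


def decide(p: Packet, rules=INBOUND_RULES) -> str:
    """Walk the chain like a filter would; fall back to the default policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return DEFAULT_POLICY


OUTSIDE, INSIDE = "192.0.2.10", "10.0.0.5"   # assumption: documentation addresses


def sample_decisions() -> dict:
    """Constructed inbound packets and what the chain does with each."""
    return {
        "syn_to_smtp": decide(parse_tcp(OUTSIDE, INSIDE, tcp_header(40000, 25, SYN))),
        "syn_to_telnet": decide(parse_tcp(OUTSIDE, INSIDE, tcp_header(40000, 23, SYN))),
        "synack_reply": decide(parse_tcp(OUTSIDE, INSIDE, tcp_header(80, 35000, SYN | ACK))),
        "ack_reply": decide(parse_tcp(OUTSIDE, INSIDE, tcp_header(80, 35000, ACK | PSH))),
        "ack_probe": decide(parse_tcp(OUTSIDE, INSIDE, tcp_header(40000, 23, ACK))),  # caveat
        "udp_dns": decide(Packet("udp", OUTSIDE, INSIDE, 53)),
        "udp_other": decide(Packet("udp", OUTSIDE, INSIDE, 111)),
        "icmp": decide(Packet("icmp", OUTSIDE, INSIDE)),
    }


if __name__ == "__main__":
    for name, verdict in sample_decisions().items():
        print(f"{name:14s} {verdict}")
```

Running the block prints one verdict per constructed packet: a SYN to port 25 is accepted by the port rule, a SYN to port 23 is refused by the '-y' deny, and both the SYN/ACK and the ACK/PSH reply to a connection opened from inside pass the final accept. The "ack_probe" line is the caveat: an ACK-only packet to port 23 is also accepted, because nothing in the chain knows that no such connection exists.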

