Originally posted by chort
Well, for one thing, you're still not using "keep-state". Using "setup" will only allow SYN packets. When you "allow ip any any", that allows it to send traffic in both directions. As I said in my first post, right now you're only allowing datagrams IN, you aren't allowing the responses OUT.
I think these are the only two lines you need (starting fresh, after a flush)
That should do it. Personally, I think ipfw is almost as bizarre as iptables and I hate it. I found PF in OpenBSD to be much easier to use. IPF in FreeBSD and NetBSD is very similar to PF (actually I think PF is a fork of IPF?).
CHORT, it works... Thank you very much... You're a BSD guru... Setup is for out and keep-state for in, right?
If I set up mine to be a web server and mail... can I use these rules...
ipfw add allow ip from any to 192.168.83.253 80 setup keep-state
ipfw add allow ip from any to 192.168.83.253 110 setup keep-state
ipfw add allow ip from any to 192.168.83.253 25 setup keep-state
Let's assume that 192.168.83.253 is a public IP... these rules are secure, right? And if this IP exists on the net, sorry, I have no intention of anything...
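
The difference between "setup" and "keep-state" that chort describes, modelled in Python as an added example (not part of the thread and not ipfw's own code). The tcp rule form, the client address and the packet list are constructed assumptions, and state expiry is not modelled.

```python
# Simplified model of two ipfw rule options (illustration only, not ipfw's code):
#   setup      -> matches only TCP packets with SYN set and ACK clear
#   keep-state -> on a match, installs a dynamic rule covering both directions
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
SERVER = "192.168.83.253"   # address taken from the thread
CLIENT = "203.0.113.7"      # constructed documentation address

def is_setup(pkt):
    return "SYN" in pkt.flags and "ACK" not in pkt.flags

def flow_key(pkt):
    # Direction-independent key: request and reply map to the same entry
    return frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])

def run_filter(packets, port, use_setup, use_keep_state):
    """Model 'allow tcp from any to SERVER <port> [setup] [keep-state]',
    followed by a default deny. Returns one verdict per packet."""
    dynamic, verdicts = set(), []
    for pkt in packets:
        if use_keep_state and flow_key(pkt) in dynamic:
            verdicts.append("allow")          # hit on a dynamic rule
            continue
        static_match = (pkt.dst == SERVER and pkt.dport == port
                        and (not use_setup or is_setup(pkt)))
        if static_match and use_keep_state:
            dynamic.add(flow_key(pkt))        # remember the flow
        verdicts.append("allow" if static_match else "deny")
    return verdicts

# Constructed sample: one HTTP handshake plus a stray ACK with no prior SYN
HANDSHAKE = [
    Packet(CLIENT, 40000, SERVER, 80, {"SYN"}),
    Packet(SERVER, 80, CLIENT, 40000, {"SYN", "ACK"}),
    Packet(CLIENT, 40000, SERVER, 80, {"ACK"}),
    Packet(CLIENT, 40001, SERVER, 80, {"ACK"}),
]

if __name__ == "__main__":
    for label, opts in [("setup only", (True, False)),
                        ("no options", (False, False)),
                        ("setup keep-state", (True, True))]:
        print(f"{label:18}", run_filter(HANDSHAKE, 80, *opts))
```

With "setup" alone only the first SYN passes; with both options the whole handshake passes and the stray ACK is still dropped.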