search for: skipto

...new server i've got this issue with ipfw that i can't understand ... something is wrong ... 01000 8042 1947866 allow ip from any to any via fxp0 01010 0 0 allow ip from any to any via lo0 01014 9886 4170269 divert 8668 ip from any to any in via vr0 01015 0 0 check-state 01130 14679 5695969 skipto 1800 ip from any to any out via vr0 keep-state 01300 0 0 deny ip from 192.168.0.0/16 <http://192.168.0.0/16> to any in via vr0 01301 0 0 deny ip from 172.16.0.0/12 <http://172.16.0.0/12> to any in via vr0 01302 4 140 deny ip from 10.0.0.0/8 <http://10.0.0.0/8> to any in via vr0 01...

I've been using ipfw for a while to create a router with NAT and packet filtering, but have never combined it with stateful filtering, instead using things like "established" to accept incoming TCP packets which are part of a conversation initiated from the "inside". I'd like to move to using keep-state/check-state to get tighter filtering and also to allow outgoing