From simon@arthur.nitro.dk  Sun Feb  2 11:31:58 2003
Return-Path: <simon@arthur.nitro.dk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 007D937B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Feb 2003 11:31:58 -0800 (PST)
Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7918B43F75
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Feb 2003 11:31:56 -0800 (PST)
	(envelope-from simon@arthur.nitro.dk)
Received: by arthur.nitro.dk (Postfix, from userid 1000)
	id B8CE710BF97; Sun,  2 Feb 2003 20:31:55 +0100 (CET)
Message-Id: <20030202193155.B8CE710BF97@arthur.nitro.dk>
Date: Sun,  2 Feb 2003 20:31:55 +0100 (CET)
From: Simon L.Nielsen <simon@nitro.dk>
Reply-To: Simon L.Nielsen <simon@nitro.dk>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] Error in ipfw manpage example
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47817
>Category:       docs
>Synopsis:       [patch] Error in ipfw manpage example
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 02 11:40:10 PST 2003
>Closed-Date:    Tue Feb 04 02:37:17 CET 2003
>Last-Modified:  Tue Feb 04 02:37:17 CET 2003
>Originator:     Simon L. Nielsen
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD arthur.nitro.dk 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Jan 27 23:12:12 CET 2003 root@arthur.nitro.dk:/usr/obj/usr/src/sys/ARTHUR i386
>Description:
The ipfw(8) manpage has an example of using ipfw for a stateful
inspection firewall but the example does not work since it is missing
the keep-state keyword to actually create the dynamic rules.
>How-To-Repeat:
>Fix:
--- ipfw-man-keep-state.patch begins here ---
Index: ipfw.8
===================================================================
RCS file: /home/mirror/freebsd/ncvs/src/sbin/ipfw/ipfw.8,v
retrieving revision 1.119
diff -u -d -r1.119 ipfw.8
--- ipfw.8	12 Jan 2003 03:31:10 -0000	1.119
+++ ipfw.8	2 Feb 2003 19:01:52 -0000
@@ -1212,7 +1212,7 @@
 will be allowed through the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow tcp from my-subnet to any setup"
+.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
 .Dl "ipfw add deny tcp from any to any"
 .Pp
 A similar approach can be used for UDP, where an UDP packet coming
@@ -1220,7 +1220,7 @@
 the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow udp from my-subnet to any"
+.Dl "ipfw add allow udp from my-subnet to any keep-state"
 .Dl "ipfw add deny udp from any to any"
 .Pp
 Dynamic rules expire after some time, which depends on the status
--- ipfw-man-keep-state.patch ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: brueffer 
State-Changed-When: Tue Feb 4 02:36:56 CET 2003 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47817 
>Unformatted:
