Date: Sun, 03 Aug 2003 14:41:32 +0200 (CEST)
From: michael <michael@nettmail.de>
To: freebsd-security@freebsd.org
Subject: ipfw or ipf w/stateful behavior
Message-ID: <1059914492.3f2d02fc3de14@mx5.internett.de>
Hi,

first I must tell you that my English is not the best; I have learned my English from manpages and documentation. Please excuse this.

I have set up a box w/FreeBSD 4.7-RELEASE for connecting to the w3 through a DSL/ATM connection. Now, I know the stateful handling of firewall rules under Linux with iptables. Second, I have understood that FreeBSD comes with the netfilter extensions.

Now I have made all rules with the setup/established or keep-state flags (ipfw), and my FTP connections are not really stateful. I think that this behavior is also the same with IRC chat.

Now I want to know what I must do to also get stateful behavior for these services w/o opening the high ports on the firewall, because lately I get port scans from outside over and over, and I think this is a security reason. I don't really want to open the high ports on my box.

Is there a chance by using ipf and not ipfw?? I have read the documentation, and I have found no hint that solves this problem, but I have seen that at first ipf is much more complex to configure and has more pitfalls for making mistakes, with the IP packet description language.

Does anyone have any idea how I can solve this problem w/o opening the high ports??

Thanks for all.

Best regards, and have a good and funny time,
michael