From owner-freebsd-ipfw Mon Dec 13 14:45:16 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.dbitech.bc.ca (i.caniserv.com [139.142.95.1]) by hub.freebsd.org (Postfix) with SMTP id 763BF14D21 for ; Mon, 13 Dec 1999 14:45:11 -0800 (PST) (envelope-from darcy@ok-connect.com) Received: (qmail 8121 invoked from network); 13 Dec 1999 22:45:06 -0000 Received: from ccliii.caniserv.com (HELO dbitech) (darcyb@139.142.95.253) by 139.142.95.10 with SMTP; 13 Dec 1999 22:45:06 -0000 Message-Id: <3.0.32.19991213144606.00ac3590@mail.ok-connect.com> X-Sender: darcyb@mail.ok-connect.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 13 Dec 1999 14:46:06 -0800 To: freebsd-ipfw@FreeBSD.ORG From: Darcy Buskermolen Subject: ipfw as a statefull firewall Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm looking to use ipfw as a statefull firewall (much like checkpoint FW-1 does) for use in a one to one NAT configuration. syn/ack filter is OK, however thes can of course be spoofed. From my understanding this functionality is available in ipfilter. Is it also available in ipfw ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Dec 20 12:46:49 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 4FF3B14D5E for ; Mon, 20 Dec 1999 12:46:30 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id MAA22866; Mon, 20 Dec 1999 12:45:29 -0800 (PST) From: Archie Cobbs Message-Id: <199912202045.MAA22866@bubba.whistle.com> Subject: Re: ipfw as a statefull firewall In-Reply-To: <3.0.32.19991213144606.00ac3590@mail.ok-connect.com> from Darcy Buskermolen at "Dec 13, 1999 02:46:06 pm" To: darcy@ok-connect.com (Darcy Buskermolen) Date: Mon, 20 Dec 1999 12:45:29 -0800 (PST) Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Darcy Buskermolen writes: > I'm looking to use ipfw as a statefull firewall (much like checkpoint FW-1 > does) for use in a one to one NAT configuration. syn/ack filter is OK, > however thes can of course be spoofed. From my understanding this > functionality is available in ipfilter. Is it also available in ipfw ? No, ipfw(8) is not stateful. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Mon Dec 20 17:43:35 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 0F5A715271 for ; Mon, 20 Dec 1999 17:43:34 -0800 (PST) (envelope-from julian@whistle.com) Received: from current1.whiste.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id RAA46809; Mon, 20 Dec 1999 17:43:31 -0800 (PST) Date: Mon, 20 Dec 1999 17:43:30 -0800 (PST) From: Julian Elischer To: Archie Cobbs Cc: Darcy Buskermolen , freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw as a statefull firewall In-Reply-To: <199912202045.MAA22866@bubba.whistle.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG though, you could use ipfw DIVERT to create a stateful firewall daemon. (similar to the NAT daemon) On Mon, 20 Dec 1999, Archie Cobbs wrote: > Darcy Buskermolen writes: > > I'm looking to use ipfw as a statefull firewall (much like checkpoint FW-1 > > does) for use in a one to one NAT configuration. syn/ack filter is OK, > > however thes can of course be spoofed. From my understanding this > > functionality is available in ipfilter. Is it also available in ipfw ? > > No, ipfw(8) is not stateful. > > -Archie > > ___________________________________________________________________________ > Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message