Date: Wed, 10 Feb 1999 09:45:00 -0700 (MST)
From: wildcardus freakis <wildcard@dax.belen.k12.nm.us>
To: John F Cuzzola <vdrifter@ocis.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and natd
Message-ID: <Pine.BSF.3.96.990210093900.11140A-100000@dax.belen.k12.nm.us>
In-Reply-To: <Pine.LNX.3.96.990209224124.20336A-100000@ocis.ocis.net>

Yes and no...if it is coming in from the outside and you have the outside interface specified in a filter line, it is...i.e. I send a packet to you containing SYN flags which you're filtering against, my packet will be dropped. If I am inside your firewall, my packet which is destined for an inside machine is not diverted, so will not be filtered. If I am inside going out, the packet is filtered. So specified filters are applicable. This is to the best of my knowledge so...correct me please if I am wrong.

BTW teardrop SYN packets, unless filtered against, cut right through firewalls...I know, I've done it.

-Ta-
Sasha

> Hi, a quick question:
> when a packet is diverted (ipfw divert) to natd and natd 're-injects' the
> re-assembled packet back into the packet stream,- is this newly injected
> packet still checked against the firewall rules?
>
> thanks in advance.
>
> ps: FreeBSD is the Superior OS :)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message