From owner-freebsd-security Thu Jun 8 9:18: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1]) by hub.freebsd.org (Postfix) with ESMTP id E105637C0A6 for ; Thu, 8 Jun 2000 09:17:59 -0700 (PDT) (envelope-from vdrifter@ocis.ocis.net) Received: from localhost (vdrifter@localhost) by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id JAA05194 for ; Thu, 8 Jun 2000 09:17:56 -0700 Date: Thu, 8 Jun 2000 09:17:49 -0700 (PDT) From: John F Cuzzola To: freebsd-security@FreeBSD.ORG Subject: ipfw & keep-state Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, I'm interested in using the keep-state/check-state options with ipfw. I'm curious however what rules are dynamically created and whether I have control over them, specifically with divert rules. I use divert/natd heavily and I was wondering what happens with a rule like: ipfw divert 7000 ip from any to 200.45.1.7 ipfw divert 7000 ip from 192.168.3.2 to any keep-state (natd would be listening on port 7000 providing static-NAT from 200.45.1.7 to 192.168.3.2) Just curious, thanks JohnC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message