Date:      Sat, 12 Sep 2009 15:09:13 +0200
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        Cypher Wu <cypher.w@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Transparent firewall & Dynamic rules
Message-ID:  <20090912130913.GA46135@onelab2.iet.unipi.it>
In-Reply-To: <f9f38a550909120032k2572fd3y30a1a5e5d0b457cd@mail.gmail.com>
References:  <f9f38a550909120032k2572fd3y30a1a5e5d0b457cd@mail.gmail.com>

On Sat, Sep 12, 2009 at 03:32:54PM +0800, Cypher Wu wrote:
> I want to build a transparent firewall based on IPFW. For static rules
> this is fine, but for dynamic rules, ipfw uses keepalive packets to
> avoid deleting a dynamic rule that both ends are still alive but don't
> issue any traffic for a long time. But this means the firewall should
> have its own IPs and is not transparent anymore.

Keepalives carry the addresses of the two endpoints;
the firewall is not visible.



