Date: Fri, 31 Jul 1998 14:07:31 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: spork <spork@super-g.com>
Cc: questions@FreeBSD.ORG
Subject: Re: IPFilter and "stateful inspection"(TM)
Message-ID: <Pine.BSF.4.00.9807311405360.14321-100000@resnet.uoregon.edu>
In-Reply-To: <Pine.BSF.4.00.9807301926110.18364-100000@super-g.inch.com>
On Thu, 30 Jul 1998, spork wrote:

> Hello,
>
> I saw a post on the Cisco list regarding routers vs. PCs, and someone had
> mentioned doing "stateful inspection" (a la Firewall-1) under FreeBSD. He
> pointed to IPFilter (http://coombs.anu.edu.au/~avalon/ip-filter.html).
>
> Looking at this snippet, is it saying what I think it says? Which is
> "throw away FW-1 for your cheap clients and install IPFilter and FBSD on a
> PC"?? From what I know of FW-1, it keeps track ("state") of outgoing
> connections, i.e.: user goes to www.news.com, firewall makes a note of it,
> opens a hole in the packet filter to let the return packets from
> www.news.com in and then closes the hole. Roughly...
>
> So does that sound like what this describes? If so, that rocks so hard I
> might wet myself. Opinions? Questions? IPFW vs. IPFilter rants?
> IPFilter will be in 3.0 if memory serves, correct?

It sounds like 'stateful inspection' is the connection-setup half of NATD.
NATD's other half is to map the addresses. If the network behind the
firewall isn't Internet-reachable anyway, then you might as well use a stock
FreeBSD box with ipfw & natd and fake addresses on the interior.

> "keep state" automatically matches packets going in the reverse direction
> (usually out) or on other interfaces without
> needing explicit rules.

I've seen this written by allowing established TCP connections, but I think
this is a bit more intelligent.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
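Added illustration (not part of the original message, and not IPFilter's or ipfw's code) of the distinction Doug draws at the end: a filter that passes inbound TCP because the ACK bit is set, versus one that only passes inbound segments matching a connection it recorded on the way out and forgets the entry once the connection closes. The addresses, port numbers and packet trace below are constructed; the teardown handling is simplified (the entry is dropped as soon as a FIN has been seen in each direction, whereas a real implementation keeps it on a short timer so the final ACK still passes).

```python
# Toy packet-filter simulation contrasting "allow established" with "keep state".
# Constructed example for this page; no real sockets or kernel code involved.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str       # "out" = interior -> Internet, "in" = Internet -> interior
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset     # TCP flags present, e.g. {"SYN"} or {"SYN", "ACK"}


# Constructed addresses (assumptions, not from the original post).
INTERIOR_HOST = "10.1.1.5"
WEB_SERVER = "192.0.2.80"      # stands in for www.news.com
ATTACKER = "198.51.100.7"


def decide_established(pkt):
    """Stateless policy: pass everything outbound, pass inbound TCP only if ACK is set.

    Nothing is remembered between packets, so a forged segment with ACK set
    from anywhere looks exactly like a reply to an interior connection."""
    if pkt.direction == "out":
        return "pass"
    return "pass" if "ACK" in pkt.flags else "block"


class StatefulFilter:
    """Stateful policy: an outbound SYN creates a table entry; inbound segments
    pass only if they match an entry; the entry is removed when the connection
    closes (RST from either side, or a FIN seen in both directions)."""

    def __init__(self):
        # (interior host, interior port, exterior host, exterior port) -> close flags
        self.table = {}

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == frozenset({"SYN"}):
                self.table[key] = {"fin_out": False, "fin_in": False}
                return "pass"
            if key in self.table:
                self._note_close(key, pkt.flags, "fin_out")
                return "pass"
            return "block"          # outbound, but not a tracked connection
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reverse the tuple
        if key not in self.table:
            return "block"          # no hole was opened for this peer/port
        self._note_close(key, pkt.flags, "fin_in")
        return "pass"

    def _note_close(self, key, flags, side):
        entry = self.table[key]
        if "RST" in flags:
            del self.table[key]
            return
        if "FIN" in flags:
            entry[side] = True
        if entry["fin_out"] and entry["fin_in"]:
            del self.table[key]     # "closes the hole"


# Constructed trace: one web fetch, one forged probe, then the close.
TRACE = [
    Packet("out", INTERIOR_HOST, 40000, WEB_SERVER, 80, frozenset({"SYN"})),         # user opens www.news.com
    Packet("in", WEB_SERVER, 80, INTERIOR_HOST, 40000, frozenset({"SYN", "ACK"})),   # legitimate reply
    Packet("in", ATTACKER, 31337, INTERIOR_HOST, 23, frozenset({"ACK"})),            # forged ACK aimed at telnet
    Packet("out", INTERIOR_HOST, 40000, WEB_SERVER, 80, frozenset({"FIN", "ACK"})),  # client closes
    Packet("in", WEB_SERVER, 80, INTERIOR_HOST, 40000, frozenset({"FIN", "ACK"})),   # server closes
    Packet("in", WEB_SERVER, 80, INTERIOR_HOST, 40000, frozenset({"ACK"})),          # late segment after close
]


def run(policy, packets):
    return [policy(p) for p in packets]


def compare():
    """Run both policies over the same trace and return their verdicts."""
    stateful = StatefulFilter()
    return {
        "established": run(decide_established, TRACE),
        "keep_state": run(stateful.decide, TRACE),
        "entries_left": len(stateful.table),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:12} {verdicts}")
```

The "established" column passes all six segments, including the forged ACK probe at port 23 and the stray segment after the close; the "keep state" column blocks both, because no outbound SYN ever opened a hole for the attacker and the web server's hole was closed after the FIN exchange. In IPFilter syntax the stateful side corresponds to a rule of the form `pass out quick proto tcp from any to any flags S keep state`, with no explicit inbound rule for the replies; the stateless side corresponds to ipfw's `established` keyword, which matches inbound TCP with the RST or ACK bit set (the toy above checks ACK only).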