Date: Fri, 9 Jun 2000 21:27:13 +0200 From: Marc Silver <marcs@draenor.org> To: Roelof Osinga <roelof@nisser.com> Cc: Steve Coles <scoles@tripos.com>, questions@FreeBSD.ORG Subject: Re: Relative merits of IPFIREWALL and IPFILTER Message-ID: <20000609212713.F81376@draenor.org> In-Reply-To: <39414492.ACFF042A@nisser.com>; from roelof@nisser.com on Fri, Jun 09, 2000 at 09:25:06PM %2B0200 References: <0f4a01bfd229$00605ab0$4c9814ac@volga.TRIPOS.COM> <39413FFB.85A522F6@nisser.com> <20000609211149.C81376@draenor.org> <39414492.ACFF042A@nisser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
*nod* Just some examples are: # Check state of all stateful connections ipfw add check-state # Allow in any packets that are part of an existing connection ipfw add pass tcp from any to x.x.x.x in via rl0 established # Allow outbound tcp/udp packets with state ipfw add allow tcp from x.x.x.x to any out via rl0 keep-state setup ipfw add allow udp from x.x.x.x to any out via rl0 keep-state ipfw add allow icmp from x.x.x.x to any out via rl0 keep-state I only recently found out about it too... :) Cheers, Marc On Fri, Jun 09, 2000 at 09:25:06PM +0200, Roelof Osinga wrote: > Marc Silver wrote: > > > > errr, nope. :) ipfw can handle stateful stuff :) > > Hey, interesting. I've always gathered that to be the distinguishing > feature between them. I mean - from ipf(5) - ipfw doesn't do > > state keeps information about the flow of a communication > session. State can be kept for TCP, UDP, and ICMP > packets. > > this. Ipfw sees each packet as a distinct entity. But if that > has changed while I was asleep, so more the better. I'm > using ipfw, you see <g>. > > Roelof > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000609212713.F81376>