Date: Thu, 19 Jul 2001 11:29:24 -0400 (EDT)
From: Ralph Huntington
To: Dag-Erling Smorgrav
Cc: "Sergey N. Voronkov", Nick Maschenko, security@FreeBSD.ORG
Subject: Re: Fw: Re: A question about FreeBSD security

> > I prefer to use IPF 'cause of its stateful filtering.
>
> IPFW can keep state as well.

Ah, but do they keep state in the same way? How is that accomplished? Is one as secure as the other in this regard?

My understanding (someone please correct me if I am wrong) is that IPFW relies on the incoming packets' own headers to infer the established state, whereas IPF keeps a table of outgoing packets (when told to keep state) and matches incoming packets to the entries in the table to determine if they are actually in response to an outgoing packet. This seems to indicate that packets could be spoofed to fool IPFW regarding state.

Would someone more knowledgeable about these firewalls please comment on this? Thank you very much.

-=r=-
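
The two ways of deciding "established" that the message contrasts, as an added example that is not part of the original post and is not code from IPFW or IPF: a check that trusts the TCP flags in the arriving packet, beside a check that records outbound flows in a table and matches replies against it. The packet model, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: only the fields the two checks look at.
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = "192.0.2.10"  # constructed inside host (documentation address range)


def header_inferred_established(pkt):
    """Stateless check: any segment with ACK or RST set counts as established."""
    return bool({"ACK", "RST"} & set(pkt.flags))


class StateTable:
    """Stateful check: remember outbound flows, accept only matching replies."""

    def __init__(self):
        self.flows = set()

    def note_outbound(self, pkt):
        # Store the flow keyed the way its reply will look on arrival.
        self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def is_reply(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows


def evaluate(inbound, table):
    """Return (header_verdict, table_verdict) for one inbound packet."""
    return header_inferred_established(inbound), table.is_reply(inbound)


def demo():
    table = StateTable()
    # The inside host opens a connection to a web server.
    table.note_outbound(Packet(INSIDE, 40000, "198.51.100.5", 80, ("SYN",)))
    genuine = Packet("198.51.100.5", 80, INSIDE, 40000, ("SYN", "ACK"))
    # Inbound segment with ACK set for which no outbound flow was recorded.
    unsolicited = Packet("203.0.113.9", 80, INSIDE, 22, ("ACK",))
    return {"genuine": evaluate(genuine, table),
            "unsolicited": evaluate(unsolicited, table)}


if __name__ == "__main__":
    for name, (by_header, by_table) in demo().items():
        print(name, "header-inferred:", by_header, "state-table:", by_table)
```

A production state table also tracks TCP connection state, sequence windows and timeouts; this model keeps only the address and port match that the message describes.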