From owner-freebsd-small  Thu Sep  7 15: 9:34 2000
Delivered-To: freebsd-small@freebsd.org
Received: from sneakerz.org (sneakerz.org [207.154.226.254])
	by hub.freebsd.org (Postfix) with ESMTP id A2D1137B43E
	for <freebsd-small@freebsd.org>; Thu,  7 Sep 2000 15:09:32 -0700 (PDT)
Received: by sneakerz.org (Postfix, from userid 1023)
	id 4C25C5D006; Thu,  7 Sep 2000 17:09:27 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
	by sneakerz.org (Postfix) with ESMTP
	id 4ACBA59206; Thu,  7 Sep 2000 17:09:27 -0500 (CDT)
Date: Thu, 7 Sep 2000 17:09:27 -0500 (CDT)
From: missnglnk <missnglnk@sneakerz.org>
To: Albert Yang <albert@achtung.com>
Cc: freebsd-small@freebsd.org
Subject: Re: Stateful
In-Reply-To: <39B7A867.14388.FD8738@localhost>
Message-ID: <Pine.BSF.4.21.0009071706020.48373-100000@sneakerz.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 7 Sep 2000, Albert Yang wrote:

> Date: Thu, 7 Sep 2000 14:38:31 -0700
> From: Albert Yang <albert@achtung.com>
> To: freebsd-small@freebsd.org
> Subject: Stateful
> 
> Luigi,
> 
> Is the ipfw on your pico disk stateful?  I might give it a try 
> tonight.  Definitely looks interesting.  I need a firewall and nat.  
> I am using a DSL router right now, but I'd like to return it and use 
> one of my boxes, save me $200.

ipfw(8) has been stateful since 4.0-RELEASE. natd(8) will work for your
NAT needs.

> I like ipf because of all the ruleset languaging, it's the one that 
> makes the most sense, and I know that Reed has been doing this for a 
> while and knows what he is doing.  That in no way means that the ipfw 
> team doesn't.

ipfw add check-state
ipfw add allow ip from any to any in via internalN keep-state
ipfw add allow ip from any to any out via internalN keep-state
ipfw add allow ip from any to any out via externalN keep-state
ipfw add deny ip from any to any

...works for me.

> Albert
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-small" in the body of the message
> 
--
missnglnk@sneakerz.org
http://www.sneakerz.org/~missnglnk/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message