Date:      Mon, 26 Feb 2001 18:08:47 -0800
From:      "Dan O'Connor" <dan@mostgraveconcern.com>
To:        "Duraid" <latif2221@home.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: NAT with ipfw?
Message-ID:  <008b01c0a062$38812200$029b140a@danco>

>if the default policy is to deny everything then why is your firewall
>full of deny rules. shouldn't it just have the allow rules since
>everything else is going to be dropped by default.

Mostly to log specific ports... Others (like FTP) so I can quickly make them
'allow' temporarily.


>other thing I think your firewall is stateless (using establish). if you
>have made it stateful (using keep-state) I think it would be much
>smaller.

Well, for now, two reasons:

1.    What I've got works for me, so "If it ain't broke, don't fix it"...

2.    I haven't had time to get up to speed on keep-state :-(

As I get time, I'll explore this...


>neat site.. in my bookmarks

Thanks, glad you find it useful!

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
    http://www.mostgraveconcern.com
FreeBSD Cheat Sheets
    http://www.mostgraveconcern.com/freebsd/


