From owner-freebsd-security Tue Oct 30 8:53: 2 2001
Date: Tue, 30 Oct 2001 11:52:14 -0500 (EST)
From: Ralph Huntington
To: Dag-Erling Smorgrav
Cc: Michael Scheidell
Subject: Re: can I use keep-state for icmp rules?
Message-ID: <20011030115012.Y73979-100000@mohegan.mohawk.net>
Sender: owner-freebsd-security@FreeBSD.ORG

On 30 Oct 2001, Dag-Erling Smorgrav wrote:

> Ralph Huntington writes:
> > ipfw does not really track the state, but ipfilter (ipf) does. My
> > understanding (please correct me if I'm wrong!) is that ipfw could be
> > fooled by incoming packets spoofing the state of the connection, whereas
> > ipf keeps its own table and relies on that instead of the incoming
> > packets' assertions. -=r=-
>
> Not true. Both ipf and ipfw can do both stateless and stateful
> inspection.

Can you be more specific? They both do stateful inspections, yes, but ipfw
inspects the incoming packets' headers for the state information, whereas
ipf inspects its own state table to associate incoming packets with a
particular connection. Is that correct or has ipfw been changed? -=r=-
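
The distinction drawn in the message above, between reading connection state from a packet's own headers and consulting a table the firewall keeps itself, modelled as an added example that is not part of the original message and is not ipfw or ipf code. The packet tuple, function names and addresses are constructed for illustration, and the model makes no claim about which approach either firewall uses.

```python
# Added illustration: a model of two filtering approaches, not ipfw/ipf code.
# All names, addresses and packets below are constructed for this example.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

def header_check(pkt):
    """Stateless test: trust the packet's own TCP flags (ACK or RST set)."""
    return bool({"ACK", "RST"} & set(pkt.flags))

class StateTable:
    """Stateful test: trust only flows the firewall itself saw leave."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the flow when an inside host opens a connection (bare SYN).
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        # Accept only packets that are the exact reverse of a recorded flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.flows:
            return False
        if "RST" in pkt.flags:
            self.flows.discard(key)  # connection reset: forget the flow
        return True

def demo():
    """Run one real reply and one unsolicited packet through both checks."""
    table = StateTable()
    table.outbound(Packet("192.0.2.10", 40000, "198.51.100.5", 80, ("SYN",)))
    reply = Packet("198.51.100.5", 80, "192.0.2.10", 40000, ("SYN", "ACK"))
    # Unsolicited packet that merely claims to belong to a connection.
    stray = Packet("203.0.113.9", 80, "192.0.2.10", 40001, ("ACK",))
    return [
        ("reply", header_check(reply), table.inbound(reply)),
        ("stray", header_check(stray), table.inbound(stray)),
    ]

if __name__ == "__main__":
    for name, by_header, by_table in demo():
        print(f"{name}: header check={by_header} state table={by_table}")
```
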