Date: Sat, 10 Jan 2015 15:55:02 +0600
From: Victor Sudakov <vas@mpeks.tomsk.su>
To: freebsd-questions@freebsd.org
Subject: A superficially simple stateful ipfw configuration?
Message-ID: <20150110095502.GA71577@admin.sibptus.tomsk.ru>

Colleagues,

Has anyone been able to emulate the logic of Cisco PIX with ipfw? Like, there are 3 interfaces: Inside, Outside and DMZ. You assign security levels to the interfaces (Outside=0, DMZ=50, Inside=100) and the traffic can be initiated only from the more secure interface to the less secure one and not vice versa. The check-state traffic can also return from the less secure interface to the more secure one.

It sounds simple but I have difficulties implementing the logic with ipfw. Any recipes/macros please?

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150110095502.GA71577>
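
An added example, not part of the original message: a shell function that prints (does not run) an ipfw rule set for the security-level logic described above, admitting new forwarded flows only on the outbound pass, where both `recv` and `xmit` are known. The interface names, rule numbers, and the choice to leave traffic to and from the firewall itself denied are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: emits ipfw commands for PIX-style security levels.
# Usage: pix_rules IFACE:LEVEL [IFACE:LEVEL ...]
# Scope (assumption): forwarded traffic only. Packets addressed to the
# firewall, and packets it originates, fall through to the final deny.
pix_rules() {
    n=1000
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    # Dynamic rules match on protocol, addresses and ports, not on the
    # interface, so replies to an established flow pass on every hop.
    echo "ipfw -q add 200 check-state"
    # Inbound pass: the transmit interface is not known yet, so let
    # transit packets continue to the outbound pass, where the level
    # comparison is made. Broadcast and multicast are not "me"; deny
    # them explicitly if local services listen on them.
    echo "ipfw -q add 300 allow ip from any to not me in"
    for src in "$@"; do
        for dst in "$@"; do
            s_if=${src%%:*}; s_lvl=${src##*:}
            d_if=${dst%%:*}; d_lvl=${dst##*:}
            # A new flow is admitted only from a strictly higher level
            # to a lower one; equal levels get no rule.
            if [ "$s_lvl" -gt "$d_lvl" ]; then
                echo "ipfw -q add $n allow ip from any to any out recv $s_if xmit $d_if keep-state"
                n=$((n + 10))
            fi
        done
    done
    echo "ipfw -q add 65000 deny ip from any to any"
}

# Constructed sample: em0, em1 and em2 are placeholder interface names
# for Inside, DMZ and Outside with the levels from the message.
pix_rules em0:100 em1:50 em2:0
```
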