Date:      Tue, 24 Oct 2000 18:29:44 -0700 (PDT)
From:      Luigi Rizzo <rizzo@ICSI.Berkeley.EDU>
To:        Kirk Strauser <kirk@strauser.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Stateful?  Non-stateful?  I'm lost
Message-ID:  <Pine.GSO.4.21.0010241820480.17238-100000@fondue.ICSI.Berkeley.EDU>
In-Reply-To: <87u2a1zqn1.fsf@pooh.honeypot>

Hi,

> I am using ipfw on a FreeBSD 4.1.1-STABLE box.  I have written
...
> exactly what they're supposed to do.  My questions are:
> 
> 1.  What do they do?

They basically install a new rule when a packet
matches a given template (typically a rule where not
all fields are fully specified). The rule has all fields
(IPs, ports and protocol type) specified so it only matches
that particular session, and expires when the session is
over or has been idle for some time.

I leave to you the answer to the other questions as it
really depends on your needs whether you should use them
or not. Typically, dynamic rules allow you to keep your
firewall closed by default and open it only from the inside
when you transmit a SYN packet, and only for the duration of
your session. If you want to protect a server, I am not
100% sure that they are as useful (though they are probably
useful).

	cheers
	luigi
----------------------------------+-----------------------------------------
 Luigi RIZZO, luigi@iet.unipi.it  . ACIRI/ICSI (on leave from Univ. di Pisa)
 http://www.iet.unipi.it/~luigi/  . 1947 Center St, Berkeley CA 94704
 Phone: (501) 666 2947
----------------------------------+-----------------------------------------
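
The mechanism described in the reply above, modelled as an added example that is not part of the original message and is not ipfw code. The timeout, the inside prefix, the addresses and the treatment of FIN/RST as an immediate end of session are assumptions made for the illustration.

```python
# Added example: toy model of dynamic rules, not ipfw's implementation.
IDLE_TIMEOUT = 300         # seconds; constructed value, not an ipfw default
INSIDE_PREFIX = "10.0.0."  # constructed "inside" network


class Firewall:
    def __init__(self):
        self.dynamic = {}  # fully specified session -> time last seen

    @staticmethod
    def _key(proto, src, sport, dst, dport):
        # Sort the endpoints so both directions of a session share one rule.
        return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

    def handle(self, now, proto, src, sport, dst, dport, flags=""):
        key = self._key(proto, src, sport, dst, dport)
        last = self.dynamic.get(key)
        # An idle dynamic rule expires.
        if last is not None and now - last > IDLE_TIMEOUT:
            del self.dynamic[key]
            last = None
        if last is not None:
            # Simplification: a FIN or RST ends the session immediately.
            if "F" in flags or "R" in flags:
                del self.dynamic[key]
            else:
                self.dynamic[key] = now
            return "allow"
        # Template rule (ipfw's keep-state): a bare SYN sent from the inside
        # installs a rule with IPs, ports and protocol all filled in.
        if proto == "tcp" and flags == "S" and src.startswith(INSIDE_PREFIX):
            self.dynamic[key] = now
            return "allow"
        return "deny"  # closed by default


def demo():
    fw = Firewall()
    inside, web = ("10.0.0.2", 40000), ("198.51.100.7", 80)  # constructed hosts
    return [
        fw.handle(0, "tcp", *web, *inside, "S"),    # unsolicited inbound SYN
        fw.handle(1, "tcp", *inside, *web, "S"),    # outbound SYN opens session
        fw.handle(2, "tcp", *web, *inside, "SA"),   # reply on that session
        fw.handle(3, "tcp", *web, "10.0.0.2", 40001, "SA"),  # other port
        fw.handle(400, "tcp", *web, *inside, "A"),  # idle > 300 s: expired
    ]
```
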