Date: Tue, 29 Apr 2003 21:58:56 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Antoine Jacoutot <ajacoutot@lphp.org>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw dynamic rule timeout
Message-ID: <20030430045856.GA23926@blossom.cjclark.org>
In-Reply-To: <200304300100.42983.ajacoutot@lphp.org>
References: <200304271259.02025.ajacoutot@lphp.org> <200304290038.59573.ajacoutot@lphp.org> <20030429203842.GB22678@blossom.cjclark.org> <200304300100.42983.ajacoutot@lphp.org>

On Wed, Apr 30, 2003 at 01:00:42AM +0200, Antoine Jacoutot wrote:
> On Tuesday 29 April 2003 22:38, Crist J. Clark wrote:
> > Not sure where you're looking there, but when I BSD Google for "ipfw
> > natd keep-state" the first link is,
> >
> > http://docs.freebsd.org/mail/archive/2002/freebsd-ipfw/20020804.freebsd-ipfw.html
>
> Thanks, I guess I put in the wrong keywords.
> I read all of this and came to the conclusion that there was no solution to
> this problem, at least I can't see one.
> I guess I'll have to build my firewall with something else.
>
> But thanks.

I think several of the articles point to the easiest solution: Don't
use keep-state rules in conjunction with natd(8). Keep-state doesn't
offer you anything more than using natd(8) with stateless rules for
the vast majority of policies.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org