ipfw dynamic rule timeout
Crist J. Clark
crist.clark at attbi.com
Tue Apr 29 21:59:01 PDT 2003
On Wed, Apr 30, 2003 at 01:00:42AM +0200, Antoine Jacoutot wrote:
> On Tuesday 29 April 2003 22:38, Crist J. Clark wrote:
> > Not sure where you're looking there, but when I BSD Google for "ipfw
> > natd keep-state" the first link is,
> >
> > http://docs.freebsd.org/mail/archive/2002/freebsd-ipfw/20020804.freebsd-ipfw.html
>
> Thanks, I guess I put in the wrong keywords.
> I read all of this and came to the conclusion that there was no solution to
> this problem, at least I can't see one.
> I guess I'll have to build my firewall with something else.
>
> But thanks.
I think several of the articles point to the easiest solution: Don't
use keep-state rules in conjunction with natd(8). Keep-state doesn't
offer you anything more than using natd(8) with stateless rules for
the vast majority of policies.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org