Packet flow through IPFW+IPF+IPNAT ?
Fernando Gleiser
fgleiser at cactus.fi.uba.ar
Mon Jun 2 16:13:02 PDT 2003
On Mon, 2 Jun 2003, Vlad GALU wrote:
> Example one: IPF is compiled in kernel, IPFW is a module. In this case
> IPFW stands 'outside' of IPF.
> Example two: viceversa: the order in which they take action is reversed
> too.
Are you sure? Last time I saw the code (almost a year ago) it didn't
make a difference if they were loaded as modules or compiled in kernel.
The hooks were in the same place.
> IPNAT is always 'outside' IPF.
Or, in other words, IPF always 'sees' the real IPs, not the NATed ones.
Fer
More information about the freebsd-security
mailing list