[afnog] IPfw + natd
Brian Candler
B.Candler at pobox.com
Fri Dec 2 18:52:57 EAT 2005
> > What do you call advanced vs simple stateful ?
>
> check-state/keep-state vs. established/setup
Ah, I was wondering too. 'established/setup' isn't actually stateful at all,
in that the firewall doesn't remember any state between packets. The packets
themselves carry indications of the endpoint state :-)
I found interactions between ipfw and natd to be really hard to handle apart
from the simplest cases. I have had to have one rule to handle outbound
traffic at one point in the ruleset, and another rule to handle inbound
traffic at a different point in the ruleset; it was a nightmare.
Regards,
Brian.
More information about the afnog
mailing list