Ian Smith wrote:
[ ... ]
> Read those ones for interest, but it leaves me wondering: can you use
> stateful filtering in ipfw, then? (here ipfw1 on a 4.8-RELEASE box with
> BRIDGE in kernel so far, but I imagine this would apply also to ipfw2?)

Yes, you ought to be able to perform stateful packet filtering with either ipfw1 or 2.

> I'm aware that one can only filter incoming packets, so I've always
> wondered whether stateful rules made any sense in a bridge context?

A firewall filters packets which pass through it (i.e., either via routing, bridging, or whatever the topology is). Yes, you can do stateful filtering on a bridge, but you need to pay attention to the fact that you have both layer-2 and layer-3 traffic involved. You also need to enable a sysctl to have IPFW apply its rules to bridged traffic.
--
-Chuck