On Thu, Jan 20, 2000 at 10:43:57PM -0700, Brett Glass wrote:
> Unfortunately, no. IPFW is stateless (at least from packet
> to packet). This makes it compact and fast but unable to
> detect or handle some situations by itself.
>
> You could write a daemon that hung off of a divert(4)
> socket (as natd does) to do this, but serious juju would
> be required.
>
The current way heart of the TCP stateful filtering engine in ipfilter
was designed by me. I am preparing an article on it which will
be preseneted at the European SANE conference
(http://www.nluug.nl/events/sane2000/index.html).
Once my article is ready you can probably easily use it to make
such a east for ipfw.
-Guido
in
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
