Date: Tue, 25 Jul 2000 21:56:02 -0500 From: Stephen Montgomery-Smith <stephen@math.missouri.edu> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: log with dynamic firewall rules Message-ID: <397E5342.16736F51@math.missouri.edu> References: <200007260239.MAA02404@cairo.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Ah, well this shows my patchy knowledge. I didn't even know about ipf until I read your post. I'll go read the man pages. Would running both ipfw and ipf be considered over the top? Darren Reed wrote: > > ah, you've stumbled across that one :) > > pass in log first ... keep state > > is what you would do in IP Filter :-) Remember, that there may be some > situations where you want to log them all. On top of that, you can just > leave out "log" from the filter rule and use the state log instead. > > You know, in half the time you've spent toying with ipfw you could have > had ipfilter working and not had to patch the source O:-) > > It seems the "statefulness" of ipfw is much more complex than it should be. > > Darren > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Stephen Montgomery-Smith Department of Mathematics, University of Missouri, Columbia, MO 65211 Phone 573-882-4540, fax 573-882-1869 http://www.math.missouri.edu/~stephen stephen@math.missouri.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397E5342.16736F51>