Date: Thu, 8 Mar 2001 22:30:00 +0100 From: Arjan.deVet@adv.iae.nl (Arjan de Vet) To: security@freebsd.org Subject: Re: ipfw or ipf? Message-ID: <20010308222959.A91060@adv.devet.org> In-Reply-To: <200103080229.f282T8E27412@cwsys.cwsent.com> References: <5.0.2.1.0.20010307181400.0336ed18@pop.schulte.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <200103080229.f282T8E27412@cwsys.cwsent.com> Cy Schubert wrote: >Its been reported that the state engine in IP Filter is more mature and >more restrictive because of the checks it does for TCP packets being >within the TCP window. I'm not sure whether IPFW does the same. See the following paper by Guido van Rooij for more information about 'TCP packets being within the TCP window': http://home.iae.nl/users/guido/papers/tcp_filtering.ps.gz Arjan -- Arjan de Vet, Eindhoven, The Netherlands <Arjan.deVet@adv.iae.nl> URL: http://www.iae.nl/users/devet/ for PGP key: finger devet@iae.nl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010308222959.A91060>