Date:      Wed, 31 Aug 2005 12:19:09 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        dandee@volny.cz
Cc:        freebsd-current@freebsd.org
Subject:   Re: Application layer firewall on FreeBSD, is it possible ?
Message-ID:  <20050831121627.J39418@fledge.watson.org>
In-Reply-To: <20050830185851.ECF554E704@pipa.profix.cz>
References:  <20050830185851.ECF554E704@pipa.profix.cz>


On Tue, 30 Aug 2005, Daniel Dvořák wrote:

> So, is there any way to do same application layer osi model firewall
> with FreeBSD gateway ?
>
> Of course, I tried to find on web, I have not been successful in
> searching so far.
>
> If my question is not right in this mailing list, if my question is
> annoying here, so I am sorry.

I can't speak to the details of the environment or protocols, but you
might take a look at "ipfw fwd", which allows you to locally intercept
wide area network TCP connections passing through an IP router.  This can
be used for things like transparent proxy caching, transparent firewalls,
and so on.  ipfw(8) contains some details, but I've not played with it
myself so I can't tell you much more than that it looks like applications
can simply bind a TCP port, and then you can use ipfw fwd to redirect
connections to it.  I'm not sure how well ICMP is handled.

Robert N M Watson
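
The approach described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's own code: a Python sketch of a transparent application-layer filter that binds a TCP port and receives connections redirected to it by an `ipfw fwd` rule. The rule number, the interface `em0`, port 8080 and the HTTP method allow-list are assumptions made for illustration.

```python
import socket
import threading

# Assumed rule (rule number, em0 and port 8080 are placeholders for this sketch):
#   ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in via em0
LISTEN = ("127.0.0.1", 8080)
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}  # hypothetical policy

def request_allowed(first_bytes):
    """Application-layer check: HTTP/1.x request line with an allowed method."""
    parts = first_bytes.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in ALLOWED_METHODS
            and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"))

def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client):
    # ipfw fwd does not rewrite the packet, so the accepted socket's local
    # address is the destination the client originally dialled (see ipfw(8)).
    orig_dst = client.getsockname()[:2]
    with client:
        first = client.recv(4096)  # simplification: request line fits in first read
        if not request_allowed(first):
            return  # policy violation: close without contacting the server
        with socket.create_connection(orig_dst, timeout=10) as upstream:
            upstream.sendall(first)
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def serve(listen=LISTEN):
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

if __name__ == "__main__":
    serve()
```

The `in via em0` qualifier in the assumed rule keeps the proxy's own outbound connection to the original destination from being redirected back to itself.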



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050831121627.J39418>