From owner-freebsd-security  Fri Jan 15 04:04:44 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA00176
          for freebsd-security-outgoing; Fri, 15 Jan 1999 04:04:44 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hosting.doublesquare.com (hosting.doublesquare.com [195.5.128.151])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA00155
          for <security@FreeBSD.ORG>; Fri, 15 Jan 1999 04:04:40 -0800 (PST)
          (envelope-from ark@eltex.ru)
From: ark@eltex.ru
Received: from eltex.ru (eltex-spiiras.nw.ru [195.19.204.46] (may be forged))
	by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id PAA01768; Fri, 15 Jan 1999 15:03:27 +0300 (MSK)
Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2])
	by eltex.ru (8.8.8/8.8.8) with SMTP id PAA23052; Fri, 15 Jan 1999 15:03:27 +0300 (MSK)
Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Fri, 15 Jan 1999 15:03:14 +0300
Received: from undisclosed-intranet-sender id xma007720; Fri, 15 Jan 99 15:03:08 +0300
Date: Fri, 15 Jan 1999 15:02:00 +0300
Message-Id: <199901151202.PAA28751@paranoid.eltex.spb.ru>
In-Reply-To: <XFMail.990114191745.mm@i.cz> from "Martin Machacek <mm@i.cz>"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: examples rules ipfw
To: mm@i.cz
Cc: ark@eltex.ru, security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Martin Machacek <mm@i.cz> said :

> > More than strange way to do. natd is ugly.
> 
> Agreed. Maybe I should try ipfilter. Does anybody know whether NAT that comes
> with ipfilter handles rsh correctly.

Not for now. But - there is an API that is defenitely better than natd's.
So it could be done..

> 
> > why not to use TIS fwtk instead?
> 
> Because of license. 

Things could change, TIS definitely did not like that, NAI can have 
different view on those things - have you try to ask them about
"temporary commercial license" or something alike..?

There are more funny details about that. See your mail.

> I unfortunately need it for a customer as a temporary
> solution until they gather enough budget to buy Gauntlet (which is not the
> greatest solution either).

Gauntlet is the best firewall on the market i've seen. 
Sometimes too expensive, although. 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNp8uN6H/mIJW9LeBAQFzmgP/a744UnchXLBKJytBa8Doizx+bKCYa2TG
WNPFWH+qH3sHreWtzYKO425299+mTbWZIYMG3aNP1VqtBZVAouIx+aYr2dbP+dHn
PzV+DDZXTED8aK4LCdjaM64RdoHkQR0IzAdeNPlzcNCm+xJuiHmH+o2MHm3TNfs6
22sdi2eaBkQ=
=aMRq
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message