Date: Fri, 01 Aug 2003 08:44:43 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: =?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?= <sten.daniel.sorsdal@wan.no> Cc: freebsd-ipfw@freebsd.org Subject: Re: Suggestion regarding a new option for IPFW2 Message-ID: <3F2A8AEB.10603@tenebras.com> In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F07DEFF@exchange.wanglobal.net> References: <0AF1BBDF1218F14E9B4CCE414744E70F07DEFF@exchange.wanglobal.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Sten Daniel Sørsdal wrote: > are you by any chance using NAT? if you are, then the firewall > does not need masking (it already has the public ip and this option > would be of little/no use). > if not, then you still have the issue of firewalls presence being > easily spotted. > > Thank you for your comments! I can see value in using a firewall in bridging mode, in which case sending ICMP messages might use an alias address not associated with any interface -- if there are no IP addrs on the external interface, for example.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F2A8AEB.10603>