Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 10 Jan 2015 15:55:02 +0600
From:      Victor Sudakov <>
Subject:   A superficially simple stateful ipfw configuration?
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

Has anyone been able to emulate the logic of Cisco PIX with ipfw?

Like, there are 3 interfaces: Inside, Outside and DMZ. You assign
security levels to the interfaces (Outside=0, DMZ=50, Inside=100) and
the traffic can be initiated only from the more secure interface to
the less secure one and not vice versa. The check-state traffic can
also return from the less secure interface to the more secure one.

It sounds simple but I have difficulties implementing the logic
with ipfw.  Any recipes/macros please?

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN

Want to link to this message? Use this URL: <>