Date:      19 Jan 2004 20:13:33 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: ipfw/nated stateful rules example
Message-ID:  <44ektvpgle.fsf@be-well.ilk.org>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGIECMFFAA.fbsd_user@a1poweruser.com>
References:  <MIEPLLIBMLEEABPDBIEGIECMFFAA.fbsd_user@a1poweruser.com>

"fbsd_user" <fbsd_user@a1poweruser.com> writes:

> Sorry, but the rule set you posted is doing 'keep-state' on the LAN
> interface and not the interface facing the public Internet. All the
> rule statements processing against the public interface are
> stateless.  Doing stateful testing on the private LAN is just a waste
> of CPU cycles; it proves nothing other than you have less trust in
> your LAN users than you have in unknown public Internet users.

Not really; the stateful rules are being applied against the public
Internet responses to packets sent out by the LAN users.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area: 
		resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
		username/password "public"

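As an added illustration of the point in the reply above (not code from the thread or from ipfw itself), a toy Python model of how a keep-state rule on LAN-originated traffic creates a dynamic entry that later admits the reply arriving on the public interface, while an unsolicited packet on the public interface is denied. Interface names, addresses and the natd port mapping are constructed assumptions.

```python
# Toy model of ipfw check-state / keep-state with natd in front of the
# public interface. Constructed for illustration; not ipfw's own logic.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet is seen on ("lan" or "wan" here)
    inbound: bool   # True if the packet is entering the host on that interface
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNatFirewall:
    def __init__(self, lan_if, wan_if, public_ip):
        self.lan_if, self.wan_if, self.public_ip = lan_if, wan_if, public_ip
        self.dynamic = set()   # state entries keyed on the 5-tuple, like ipfw dynamic rules
        self.nat = {}          # (public_ip, port) -> (private_ip, port), like natd's table

    def evaluate(self, pkt):
        # 1. Inbound on the public interface: natd de-translates the destination
        #    before check-state runs; otherwise the state entry could never match.
        if pkt.iface == self.wan_if and pkt.inbound and (pkt.dst, pkt.dport) in self.nat:
            priv_ip, priv_port = self.nat[(pkt.dst, pkt.dport)]
            pkt = Packet(pkt.iface, pkt.inbound, pkt.src, pkt.sport, priv_ip, priv_port)
        # 2. check-state: a packet matching an existing dynamic entry in either direction.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.dynamic or rev in self.dynamic:
            return "allow-dynamic"
        # 3. keep-state on traffic entering from the LAN side: the entry created here
        #    is what later admits the reply coming back in on the public interface.
        if pkt.iface == self.lan_if and pkt.inbound:
            self.dynamic.add(fwd)
            # Simplification: assume natd keeps the source port unchanged.
            self.nat[(self.public_ip, pkt.sport)] = (pkt.src, pkt.sport)
            return "allow-keep-state"
        # 4. Anything else unsolicited on the public interface is dropped.
        if pkt.iface == self.wan_if and pkt.inbound:
            return "deny"
        return "allow"


def demo():
    fw = StatefulNatFirewall("lan", "wan", "203.0.113.1")
    out = Packet("lan", True, "192.168.1.10", 40000, "198.51.100.7", 80)
    reply = Packet("wan", True, "198.51.100.7", 80, "203.0.113.1", 40000)
    probe = Packet("wan", True, "198.51.100.9", 4444, "203.0.113.1", 22)
    return fw.evaluate(out), fw.evaluate(reply), fw.evaluate(probe)
```

The same reply packet presented to a firewall with no prior LAN-originated flow is denied, which is the distinction being drawn: the state created on the LAN side is what the public-side inbound check is actually exercising.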