I want to build a transparent firewall based on IPFW. For static rules this is fine, but for dynamic rules, ipfw uses keepalive packet to avoid deleting a dynamic rule that both ends are still alive but don't issue any traffic for a long time. But this means the firewall should have it's own IPs and is not transparent anymore.